CVE-2025-41709 in ENERGY METER 750-230
Summary
by MITRE • 03/10/2026
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
Analysis
by VulDB Data Team • 03/18/2026
This vulnerability represents a critical command injection flaw in industrial control systems that communicate using Modbus protocols. The issue affects devices that process Modbus-TCP and Modbus-RTU communications without proper authentication mechanisms, creating an attack surface where remote adversaries can execute arbitrary commands on affected systems. The vulnerability stems from insufficient input validation and sanitization within the Modbus protocol handlers, allowing maliciously crafted packets to bypass security controls and directly influence system operations. This represents a fundamental failure in the security architecture of industrial networks where protocol-level authentication is either absent or inadequately implemented.
The technical exploitation occurs through manipulation of Modbus request packets that contain command sequences designed to trigger unintended system behavior. Attackers can inject malicious commands into Modbus communication channels without requiring prior authentication credentials, enabling them to read and write data directly to the affected device's memory and operational registers. The flaw operates at the application layer of the OSI model, where Modbus protocol handlers process incoming requests, making it particularly dangerous as it can affect critical infrastructure components such as programmable logic controllers (PLCs) and remote terminal units (RTUs). This vulnerability aligns with CWE-77 and CWE-94, the categories for command injection and code execution flaws, which are commonly exploited in industrial environments where security controls are often less mature than in enterprise networks.
The operational impact of this vulnerability extends beyond simple unauthorized access to encompass potential physical system compromise and safety hazards. An attacker could manipulate industrial processes by injecting commands that alter sensor readings, modify control parameters, or disable safety mechanisms. The lack of authentication requirements means that attacks can be launched from anywhere on the network, potentially allowing adversaries to target critical infrastructure such as power generation facilities, water treatment plants, or manufacturing systems. This vulnerability directly maps to ATT&CK techniques including T1071.001 for application layer protocol usage and T1059.001 for command and script injection, demonstrating how industrial control systems can be compromised using standard cyberattack methodologies adapted for industrial environments.
Mitigation strategies must address both network-level and application-level security controls to protect against this vulnerability. Organizations should implement network segmentation to isolate industrial control systems from general network traffic, deploy robust Modbus protocol filtering rules, and enforce strong authentication mechanisms for all Modbus communications. The implementation of intrusion detection systems specifically tuned to monitor Modbus traffic patterns can help identify potential exploitation attempts. Regular security assessments of industrial control systems should include vulnerability scanning focused on protocol implementations, and device firmware should be updated with patches that address the input validation deficiencies. Additionally, network access controls should be configured to restrict Modbus communication to authorized systems only, and monitoring should be implemented to detect anomalous command sequences that may indicate exploitation attempts.
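The protocol filtering and Modbus-aware monitoring recommended above can be made concrete with a small request inspector. The following is an added example written for this page; it is not code from VulDB, MITRE or the device vendor. It parses the Modbus-TCP MBAP header, rejects frames whose length field or protocol id is inconsistent, classifies the function code as read, write or vendor-defined, and enforces an assumed policy under which only one SCADA master address (`10.0.0.10`, a placeholder) may issue write function codes. The sample frames are constructed, not captured from an ENERGY METER 750-230, and because the page does not describe the injected payload the checks are generic structural and policy checks rather than a signature for this CVE.

```python
# Added example (not VulDB's or the vendor's code): a Modbus-TCP request
# inspector of the kind a protocol-aware filter or IDS rule would use.
import struct
from dataclasses import dataclass

# Public function codes from the Modbus application protocol specification.
READ_FUNCS = {1, 2, 3, 4, 7, 20, 24}          # coils, inputs, registers, status, file, FIFO
WRITE_FUNCS = {5, 6, 15, 16, 21, 22, 23}      # single/multiple writes, mask write, read/write
VENDOR_FUNCS = set(range(65, 73)) | set(range(100, 111))  # user-defined ranges
MAX_READ_REGS = 125    # FC 3/4 upper bound on registers per request
MAX_WRITE_REGS = 123   # FC 16 upper bound on registers per request

# Assumed policy for this example: only the SCADA master may issue writes.
WRITE_ALLOWED_SOURCES = {"10.0.0.10"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes  # PDU payload after the function code


def parse_mbap(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus function code, rejecting inconsistent frames."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, uid, fc = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} disagrees with frame body {len(frame) - 6}")
    return ModbusRequest(tid, uid, fc, frame[8:])


def inspect(frame: bytes, src_ip: str) -> list[str]:
    """Return a list of findings for one request; an empty list means it passed policy."""
    try:
        req = parse_mbap(frame)
    except ValueError as exc:
        return [f"MALFORMED: {exc}"]
    fc = req.function_code
    findings: list[str] = []
    if fc in VENDOR_FUNCS:
        findings.append(f"vendor-defined function code {fc} from {src_ip}")
    elif fc not in READ_FUNCS and fc not in WRITE_FUNCS:
        findings.append(f"unexpected function code {fc} from {src_ip}")
    if fc in WRITE_FUNCS and src_ip not in WRITE_ALLOWED_SOURCES:
        findings.append(f"write function {fc} from unauthorized source {src_ip}")
    if fc in (3, 4, 16):
        if len(req.data) < 4:
            findings.append(f"function {fc} PDU truncated")
        else:
            _start, qty = struct.unpack(">HH", req.data[:4])
            limit = MAX_WRITE_REGS if fc == 16 else MAX_READ_REGS
            if qty == 0 or qty > limit:
                findings.append(f"function {fc} addresses {qty} registers (limit {limit})")
            if fc == 16:
                # FC 16 carries a byte count that must equal 2 * quantity and the payload size.
                byte_count = req.data[4] if len(req.data) > 4 else -1
                if byte_count != 2 * qty or byte_count != len(req.data) - 5:
                    findings.append("function 16 byte count inconsistent with quantity or payload")
    return findings


# Constructed sample traffic (not captured from a real device).
SAMPLE_FRAMES = [
    ("read_ok",        "10.0.0.20", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    ("write_unauth",   "10.0.0.99", bytes.fromhex("0002 0000 0006 01 06 0010 0001")),
    ("vendor_fc",      "10.0.0.10", bytes.fromhex("0003 0000 0003 01 64 00")),
    ("malformed_len",  "10.0.0.20", bytes.fromhex("0004 0000 0020 01 03 0000 0001")),
    ("fc16_bad_count", "10.0.0.10", bytes.fromhex("0005 0000 0009 01 10 0000 0002 04 aabb")),
    ("read_too_many",  "10.0.0.20", bytes.fromhex("0006 0000 0006 01 03 0000 0100")),
]


def run_samples() -> dict[str, list[str]]:
    """Run every constructed frame through the inspector, keyed by sample name."""
    return {name: inspect(frame, src) for name, src, frame in SAMPLE_FRAMES}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:15s} {'OK' if not result else '; '.join(result)}")
```

The inspector deliberately fails closed on structural inconsistencies (length field, byte count, register quantity) before applying the source-based write policy, because a handler that trusts the length and count fields is exactly where insufficient input validation in a Modbus stack tends to bite. In a deployment the same checks would sit in a transparent proxy in front of the meter or in an IDS rule, and the write allowlist would be driven by the network access controls the analysis calls for.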