Browse all 5 CVE security advisories affecting Janitza. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Janitza develops power monitoring and energy management solutions for industrial environments. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and authentication flaws. The company's devices typically expose web interfaces and network services that have been targeted in attacks. While no major public incidents have been widely documented, the presence of five CVEs indicates ongoing security challenges in their IoT ecosystem, particularly in web-based components and communication protocols. Security researchers have noted that some vulnerabilities could allow unauthorized access to critical infrastructure systems if proper hardening measures aren't implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-41712 | Incorrect Permission Assignment on power analyzer — UMG 96RM-E 24V(5222063)CWE-732 | 6.5 | Medium | 2026-03-10 |
| CVE-2025-41711 | Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer — UMG 96RM-E 24V(5222063)CWE-327 | 5.3 | Medium | 2026-03-10 |
| CVE-2025-41710 | Use of Hard-coded Credentials in power analyzer — UMG 96RM-E 24V(5222063)CWE-798 | 6.5 | Medium | 2026-03-10 |
| CVE-2025-41709 | Command injection in power analyzer via Modbus-TCP and Modbus-RTU — UMG 96RM-E 24V(5222063)CWE-78 | 9.8 | Critical | 2026-03-10 |
| CVE-2025-41729 | DoS via Modbus Read Command — UMG 96-PACWE-1287 | 7.5 | High | 2025-11-24 |
This page lists every published CVE security advisory associated with Janitza. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.