VDE-2019-018
Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2019-12-05 12:03 - Updated: 2025-05-22 13:03Summary
Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches
Notes
Summary: Multiple issues have been found. Please check the CVEs for details.
Impact: Please check the CVEs for details.
Remediation: For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:
Use the link www.weidmueller.com external link external link
Enter within search field on the web page the product number of the switch you want to update and press 'enter'
On next page expand the drop-down menu 'show downloads'
Download the respective firmware from the download table
Install the firmware on your switch
Solution for CVE-2019-16672
a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT
To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named 'WM Switch Utility' for Windows OS and to enable an encrypted search service, that will be working with the new 'Weidmüllermüller Switch Configuration Utility'. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox 'Enable Search Service'
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current 'WM Switch Utility'! Web interface settings are not affected by this configuration.
---
Please find below the appropriate patched firmware versions for all affected products.
| **Product Number** | **Product Name** | **Patched Firmware Version** |
|---------------------|---------------------------------|---------------------------------------|
| 1504280000 | IE-SW-VL05M-5TX | ≥ V3.6.24_Build_19062809 |
| 1504310000 | IE-SW-VL05MT-5TX | ≥ V3.6.24_Build_19062809 |
| 1504330000 | IE-SW-VL05M-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504350000 | IE-SW-VL05MT-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504370000 | IE-SW-VL05M-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1504390000 | IE-SW-VL05MT-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1240940000 | IE-SW-VL08MT-8TX | ≥ V3.5.22_Build_19062810 |
| 1240970000 | IE-SW-VL08MT-5TX-3SC | ≥ V3.5.22_Build_19062810 |
| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | ≥ V3.5.22_Build_19062810 |
| 1240990000 | IE-SW-VL08MT-6TX-2ST | ≥ V3.5.22_Build_19062810 |
| 1344770000 | IE-SW-VL08MT-6TX-2SC | ≥ V3.5.22_Build_19062810 |
| 1241020000 | IE-SW-VL08MT-6TX-2SCS | ≥ V3.5.22_Build_19062810 |
| 1241040000 | IE-SW-PL08M-8TX | ≥ V3.3.16_Build_19062811 |
| 1286780000 | IE-SW-PL08MT-8TX | ≥ V3.3.16_Build_19062811 |
| 1241070000 | IE-SW-PL08M-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1286790000 | IE-SW-PL08MT-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1241080000 | IE-SW-PL08M-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1286800000 | IE-SW-PL08MT-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1241090000 | IE-SW-PL08M-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1286810000 | IE-SW-PL08MT-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1241290000 | IE-SW-PL10M-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1286930000 | IE-SW-PL10MT-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1241100000 | IE-SW-PL16M-16TX | ≥ V3.4.18_Build_19062814 |
| 1286820000 | IE-SW-PL16MT-16TX | ≥ V3.4.18_Build_19062814 |
| 1241120000 | IE-SW-PL16M-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1286830000 | IE-SW-PL16MT-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1241130000 | IE-SW-PL16M-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1286840000 | IE-SW-PL16MT-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1241320000 | IE-SW-PL18M-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1286970000 | IE-SW-PL18MT-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1241330000 | IE-SW-PL18M-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1241340000 | IE-SW-PL18M-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1241370000 | IE-SW-PL09M-5GC-4GT | ≥ V3.3.20_Build_19070111 |
| 1287020000 | IE-SW-PL09MT-5GC-4GT | ≥ V3.3.20_Build_19070111 |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
9.8 (Critical)
Vendor Fix
For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:
Use the link www.weidmueller.com external link external link
Enter within search field on the web page the product number of the switch you want to update and press 'enter'
On next page expand the drop-down menu 'show downloads'
Download the respective firmware from the download table
Install the firmware on your switch
Solution for CVE-2019-16672
a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT
To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named 'WM Switch Utility' for Windows OS and to enable an encrypted search service, that will be working with the new 'Weidmüllermüller Switch Configuration Utility'. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox 'Enable Search Service'
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current 'WM Switch Utility'! Web interface settings are not affected by this configuration.
---
Please find below the appropriate patched firmware versions for all affected products.
| **Product Number** | **Product Name** | **Patched Firmware Version** |
|---------------------|---------------------------------|---------------------------------------|
| 1504280000 | IE-SW-VL05M-5TX | ≥ V3.6.24_Build_19062809 |
| 1504310000 | IE-SW-VL05MT-5TX | ≥ V3.6.24_Build_19062809 |
| 1504330000 | IE-SW-VL05M-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504350000 | IE-SW-VL05MT-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504370000 | IE-SW-VL05M-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1504390000 | IE-SW-VL05MT-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1240940000 | IE-SW-VL08MT-8TX | ≥ V3.5.22_Build_19062810 |
| 1240970000 | IE-SW-VL08MT-5TX-3SC | ≥ V3.5.22_Build_19062810 |
| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | ≥ V3.5.22_Build_19062810 |
| 1240990000 | IE-SW-VL08MT-6TX-2ST | ≥ V3.5.22_Build_19062810 |
| 1344770000 | IE-SW-VL08MT-6TX-2SC | ≥ V3.5.22_Build_19062810 |
| 1241020000 | IE-SW-VL08MT-6TX-2SCS | ≥ V3.5.22_Build_19062810 |
| 1241040000 | IE-SW-PL08M-8TX | ≥ V3.3.16_Build_19062811 |
| 1286780000 | IE-SW-PL08MT-8TX | ≥ V3.3.16_Build_19062811 |
| 1241070000 | IE-SW-PL08M-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1286790000 | IE-SW-PL08MT-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1241080000 | IE-SW-PL08M-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1286800000 | IE-SW-PL08MT-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1241090000 | IE-SW-PL08M-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1286810000 | IE-SW-PL08MT-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1241290000 | IE-SW-PL10M-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1286930000 | IE-SW-PL10MT-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1241100000 | IE-SW-PL16M-16TX | ≥ V3.4.18_Build_19062814 |
| 1286820000 | IE-SW-PL16MT-16TX | ≥ V3.4.18_Build_19062814 |
| 1241120000 | IE-SW-PL16M-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1286830000 | IE-SW-PL16MT-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1241130000 | IE-SW-PL16M-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1286840000 | IE-SW-PL16MT-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1241320000 | IE-SW-PL18M-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1286970000 | IE-SW-PL18MT-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1241330000 | IE-SW-PL18M-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1241340000 | IE-SW-PL18M-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1241370000 | IE-SW-PL09M-5GC-4GT | ≥ V3.3.20_Build_19070111 |
| 1287020000 | IE-SW-PL09MT-5GC-4GT | ≥ V3.3.20_Build_19070111 |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
9.8 (Critical)
Vendor Fix
For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:
Use the link www.weidmueller.com external link external link
Enter within search field on the web page the product number of the switch you want to update and press 'enter'
On next page expand the drop-down menu 'show downloads'
Download the respective firmware from the download table
Install the firmware on your switch
Solution for CVE-2019-16672
a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT
To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named 'WM Switch Utility' for Windows OS and to enable an encrypted search service, that will be working with the new 'Weidmüllermüller Switch Configuration Utility'. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox 'Enable Search Service'
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current 'WM Switch Utility'! Web interface settings are not affected by this configuration.
---
Please find below the appropriate patched firmware versions for all affected products.
| **Product Number** | **Product Name** | **Patched Firmware Version** |
|---------------------|---------------------------------|---------------------------------------|
| 1504280000 | IE-SW-VL05M-5TX | ≥ V3.6.24_Build_19062809 |
| 1504310000 | IE-SW-VL05MT-5TX | ≥ V3.6.24_Build_19062809 |
| 1504330000 | IE-SW-VL05M-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504350000 | IE-SW-VL05MT-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504370000 | IE-SW-VL05M-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1504390000 | IE-SW-VL05MT-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1240940000 | IE-SW-VL08MT-8TX | ≥ V3.5.22_Build_19062810 |
| 1240970000 | IE-SW-VL08MT-5TX-3SC | ≥ V3.5.22_Build_19062810 |
| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | ≥ V3.5.22_Build_19062810 |
| 1240990000 | IE-SW-VL08MT-6TX-2ST | ≥ V3.5.22_Build_19062810 |
| 1344770000 | IE-SW-VL08MT-6TX-2SC | ≥ V3.5.22_Build_19062810 |
| 1241020000 | IE-SW-VL08MT-6TX-2SCS | ≥ V3.5.22_Build_19062810 |
| 1241040000 | IE-SW-PL08M-8TX | ≥ V3.3.16_Build_19062811 |
| 1286780000 | IE-SW-PL08MT-8TX | ≥ V3.3.16_Build_19062811 |
| 1241070000 | IE-SW-PL08M-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1286790000 | IE-SW-PL08MT-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1241080000 | IE-SW-PL08M-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1286800000 | IE-SW-PL08MT-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1241090000 | IE-SW-PL08M-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1286810000 | IE-SW-PL08MT-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1241290000 | IE-SW-PL10M-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1286930000 | IE-SW-PL10MT-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1241100000 | IE-SW-PL16M-16TX | ≥ V3.4.18_Build_19062814 |
| 1286820000 | IE-SW-PL16MT-16TX | ≥ V3.4.18_Build_19062814 |
| 1241120000 | IE-SW-PL16M-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1286830000 | IE-SW-PL16MT-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1241130000 | IE-SW-PL16M-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1286840000 | IE-SW-PL16MT-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1241320000 | IE-SW-PL18M-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1286970000 | IE-SW-PL18MT-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1241330000 | IE-SW-PL18M-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1241340000 | IE-SW-PL18M-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1241370000 | IE-SW-PL09M-5GC-4GT | ≥ V3.3.20_Build_19070111 |
| 1287020000 | IE-SW-PL09MT-5GC-4GT | ≥ V3.3.20_Build_19070111 |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.
9.8 (Critical)
Vendor Fix
For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:
Use the link www.weidmueller.com external link external link
Enter within search field on the web page the product number of the switch you want to update and press 'enter'
On next page expand the drop-down menu 'show downloads'
Download the respective firmware from the download table
Install the firmware on your switch
Solution for CVE-2019-16672
a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT
To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named 'WM Switch Utility' for Windows OS and to enable an encrypted search service, that will be working with the new 'Weidmüllermüller Switch Configuration Utility'. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox 'Enable Search Service'
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current 'WM Switch Utility'! Web interface settings are not affected by this configuration.
---
Please find below the appropriate patched firmware versions for all affected products.
| **Product Number** | **Product Name** | **Patched Firmware Version** |
|---------------------|---------------------------------|---------------------------------------|
| 1504280000 | IE-SW-VL05M-5TX | ≥ V3.6.24_Build_19062809 |
| 1504310000 | IE-SW-VL05MT-5TX | ≥ V3.6.24_Build_19062809 |
| 1504330000 | IE-SW-VL05M-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504350000 | IE-SW-VL05MT-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504370000 | IE-SW-VL05M-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1504390000 | IE-SW-VL05MT-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1240940000 | IE-SW-VL08MT-8TX | ≥ V3.5.22_Build_19062810 |
| 1240970000 | IE-SW-VL08MT-5TX-3SC | ≥ V3.5.22_Build_19062810 |
| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | ≥ V3.5.22_Build_19062810 |
| 1240990000 | IE-SW-VL08MT-6TX-2ST | ≥ V3.5.22_Build_19062810 |
| 1344770000 | IE-SW-VL08MT-6TX-2SC | ≥ V3.5.22_Build_19062810 |
| 1241020000 | IE-SW-VL08MT-6TX-2SCS | ≥ V3.5.22_Build_19062810 |
| 1241040000 | IE-SW-PL08M-8TX | ≥ V3.3.16_Build_19062811 |
| 1286780000 | IE-SW-PL08MT-8TX | ≥ V3.3.16_Build_19062811 |
| 1241070000 | IE-SW-PL08M-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1286790000 | IE-SW-PL08MT-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1241080000 | IE-SW-PL08M-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1286800000 | IE-SW-PL08MT-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1241090000 | IE-SW-PL08M-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1286810000 | IE-SW-PL08MT-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1241290000 | IE-SW-PL10M-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1286930000 | IE-SW-PL10MT-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1241100000 | IE-SW-PL16M-16TX | ≥ V3.4.18_Build_19062814 |
| 1286820000 | IE-SW-PL16MT-16TX | ≥ V3.4.18_Build_19062814 |
| 1241120000 | IE-SW-PL16M-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1286830000 | IE-SW-PL16MT-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1241130000 | IE-SW-PL16M-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1286840000 | IE-SW-PL16MT-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1241320000 | IE-SW-PL18M-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1286970000 | IE-SW-PL18MT-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1241330000 | IE-SW-PL18M-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1241340000 | IE-SW-PL18M-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1241370000 | IE-SW-PL09M-5GC-4GT | ≥ V3.3.20_Build_19070111 |
| 1287020000 | IE-SW-PL09MT-5GC-4GT | ≥ V3.3.20_Build_19070111 |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.
6.5 (Medium)
Vendor Fix
For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:
Use the link www.weidmueller.com external link external link
Enter within search field on the web page the product number of the switch you want to update and press 'enter'
On next page expand the drop-down menu 'show downloads'
Download the respective firmware from the download table
Install the firmware on your switch
Solution for CVE-2019-16672
a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT
To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named 'WM Switch Utility' for Windows OS and to enable an encrypted search service, that will be working with the new 'Weidmüllermüller Switch Configuration Utility'. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox 'Enable Search Service'
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current 'WM Switch Utility'! Web interface settings are not affected by this configuration.
---
Please find below the appropriate patched firmware versions for all affected products.
| **Product Number** | **Product Name** | **Patched Firmware Version** |
|---------------------|---------------------------------|---------------------------------------|
| 1504280000 | IE-SW-VL05M-5TX | ≥ V3.6.24_Build_19062809 |
| 1504310000 | IE-SW-VL05MT-5TX | ≥ V3.6.24_Build_19062809 |
| 1504330000 | IE-SW-VL05M-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504350000 | IE-SW-VL05MT-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504370000 | IE-SW-VL05M-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1504390000 | IE-SW-VL05MT-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1240940000 | IE-SW-VL08MT-8TX | ≥ V3.5.22_Build_19062810 |
| 1240970000 | IE-SW-VL08MT-5TX-3SC | ≥ V3.5.22_Build_19062810 |
| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | ≥ V3.5.22_Build_19062810 |
| 1240990000 | IE-SW-VL08MT-6TX-2ST | ≥ V3.5.22_Build_19062810 |
| 1344770000 | IE-SW-VL08MT-6TX-2SC | ≥ V3.5.22_Build_19062810 |
| 1241020000 | IE-SW-VL08MT-6TX-2SCS | ≥ V3.5.22_Build_19062810 |
| 1241040000 | IE-SW-PL08M-8TX | ≥ V3.3.16_Build_19062811 |
| 1286780000 | IE-SW-PL08MT-8TX | ≥ V3.3.16_Build_19062811 |
| 1241070000 | IE-SW-PL08M-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1286790000 | IE-SW-PL08MT-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1241080000 | IE-SW-PL08M-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1286800000 | IE-SW-PL08MT-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1241090000 | IE-SW-PL08M-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1286810000 | IE-SW-PL08MT-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1241290000 | IE-SW-PL10M-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1286930000 | IE-SW-PL10MT-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1241100000 | IE-SW-PL16M-16TX | ≥ V3.4.18_Build_19062814 |
| 1286820000 | IE-SW-PL16MT-16TX | ≥ V3.4.18_Build_19062814 |
| 1241120000 | IE-SW-PL16M-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1286830000 | IE-SW-PL16MT-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1241130000 | IE-SW-PL16M-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1286840000 | IE-SW-PL16MT-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1241320000 | IE-SW-PL18M-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1286970000 | IE-SW-PL18MT-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1241330000 | IE-SW-PL18M-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1241340000 | IE-SW-PL18M-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1241370000 | IE-SW-PL09M-5GC-4GT | ≥ V3.3.20_Build_19070111 |
| 1287020000 | IE-SW-PL09MT-5GC-4GT | ≥ V3.3.20_Build_19070111 |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.
9.8 (Critical)
Vendor Fix
For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:
Use the link www.weidmueller.com external link external link
Enter within search field on the web page the product number of the switch you want to update and press 'enter'
On next page expand the drop-down menu 'show downloads'
Download the respective firmware from the download table
Install the firmware on your switch
Solution for CVE-2019-16672
a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT
To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting 'https only'.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the 'Web Configuration' to 'https only'
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named 'WM Switch Utility' for Windows OS and to enable an encrypted search service, that will be working with the new 'Weidmüllermüller Switch Configuration Utility'. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox 'Enable Search Service'
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current 'WM Switch Utility'! Web interface settings are not affected by this configuration.
---
Please find below the appropriate patched firmware versions for all affected products.
| **Product Number** | **Product Name** | **Patched Firmware Version** |
|---------------------|---------------------------------|---------------------------------------|
| 1504280000 | IE-SW-VL05M-5TX | ≥ V3.6.24_Build_19062809 |
| 1504310000 | IE-SW-VL05MT-5TX | ≥ V3.6.24_Build_19062809 |
| 1504330000 | IE-SW-VL05M-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504350000 | IE-SW-VL05MT-3TX-2SC | ≥ V3.6.24_Build_19062809 |
| 1504370000 | IE-SW-VL05M-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1504390000 | IE-SW-VL05MT-3TX-2ST | ≥ V3.6.24_Build_19062809 |
| 1240940000 | IE-SW-VL08MT-8TX | ≥ V3.5.22_Build_19062810 |
| 1240970000 | IE-SW-VL08MT-5TX-3SC | ≥ V3.5.22_Build_19062810 |
| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | ≥ V3.5.22_Build_19062810 |
| 1240990000 | IE-SW-VL08MT-6TX-2ST | ≥ V3.5.22_Build_19062810 |
| 1344770000 | IE-SW-VL08MT-6TX-2SC | ≥ V3.5.22_Build_19062810 |
| 1241020000 | IE-SW-VL08MT-6TX-2SCS | ≥ V3.5.22_Build_19062810 |
| 1241040000 | IE-SW-PL08M-8TX | ≥ V3.3.16_Build_19062811 |
| 1286780000 | IE-SW-PL08MT-8TX | ≥ V3.3.16_Build_19062811 |
| 1241070000 | IE-SW-PL08M-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1286790000 | IE-SW-PL08MT-6TX-2SC | ≥ V3.3.16_Build_19062811 |
| 1241080000 | IE-SW-PL08M-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1286800000 | IE-SW-PL08MT-6TX-2ST | ≥ V3.3.16_Build_19062811 |
| 1241090000 | IE-SW-PL08M-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1286810000 | IE-SW-PL08MT-6TX-2SCS | ≥ V3.3.16_Build_19062811 |
| 1241290000 | IE-SW-PL10M-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1286930000 | IE-SW-PL10MT-3GT-7TX | ≥ V3.3.24_Build_19062813 |
| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | ≥ V3.3.24_Build_19062813 |
| 1241100000 | IE-SW-PL16M-16TX | ≥ V3.4.18_Build_19062814 |
| 1286820000 | IE-SW-PL16MT-16TX | ≥ V3.4.18_Build_19062814 |
| 1241120000 | IE-SW-PL16M-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1286830000 | IE-SW-PL16MT-14TX-2SC | ≥ V3.4.18_Build_19062814 |
| 1241130000 | IE-SW-PL16M-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1286840000 | IE-SW-PL16MT-14TX-2ST | ≥ V3.4.18_Build_19062814 |
| 1241320000 | IE-SW-PL18M-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1286970000 | IE-SW-PL18MT-2GC-16TX | ≥ V3.4.30_Build_19062817 |
| 1241330000 | IE-SW-PL18M-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | ≥ V3.4.30_Build_19062817 |
| 1241340000 | IE-SW-PL18M-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | ≥ V3.4.30_Build_19062817 |
| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | ≥ V3.4.30_Build_19062817 |
| 1241370000 | IE-SW-PL09M-5GC-4GT | ≥ V3.3.20_Build_19070111 |
| 1287020000 | IE-SW-PL09MT-5GC-4GT | ≥ V3.3.20_Build_19070111 |
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple issues have been found. Please check the CVEs for details.",
"title": "Summary"
},
{
"category": "description",
"text": "Please check the CVEs for details.",
"title": "Impact"
},
{
"category": "description",
"text": "For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:\n\nUse the link www.weidmueller.com external link external link\n\nEnter within search field on the web page the product number of the switch you want to update and press \u0027enter\u0027\nOn next page expand the drop-down menu \u0027show downloads\u0027\nDownload the respective firmware from the download table\nInstall the firmware on your switch\n\nSolution for CVE-2019-16672\n\na.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\nTo avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\nb.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nTo avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\n\nSolution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nAfter installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidm\u00fcllerm\u00fcller configuration software named \u0027WM Switch Utility\u0027 for Windows OS and to enable an encrypted search service, that will be working with the new \u0027Weidm\u00fcllerm\u00fcller Switch Configuration Utility\u0027. (available soon)\n\nBoth services \u2013 the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e Security \u003e Management Interface: Uncheck the checkbox \u0027Enable Search Service\u0027\n\nNote: After disabling the unencrypted search service the switches can no longer be found or configured with the current \u0027WM Switch Utility\u0027! Web interface settings are not affected by this configuration.\n\n---\n\nPlease find below the appropriate patched firmware versions for all affected products.\n| **Product Number** | **Product Name** | **Patched Firmware Version** |\n|---------------------|---------------------------------|---------------------------------------|\n| 1504280000 | IE-SW-VL05M-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504310000 | IE-SW-VL05MT-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504330000 | IE-SW-VL05M-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504350000 | IE-SW-VL05MT-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504370000 | IE-SW-VL05M-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1504390000 | IE-SW-VL05MT-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1240940000 | IE-SW-VL08MT-8TX | \u2265 V3.5.22_Build_19062810 |\n| 1240970000 | IE-SW-VL08MT-5TX-3SC | \u2265 V3.5.22_Build_19062810 |\n| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1240990000 | IE-SW-VL08MT-6TX-2ST | \u2265 V3.5.22_Build_19062810 |\n| 1344770000 | IE-SW-VL08MT-6TX-2SC | \u2265 V3.5.22_Build_19062810 |\n| 1241020000 | IE-SW-VL08MT-6TX-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1241040000 | IE-SW-PL08M-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1286780000 | IE-SW-PL08MT-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1241070000 | IE-SW-PL08M-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1286790000 | IE-SW-PL08MT-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1241080000 | IE-SW-PL08M-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1286800000 | IE-SW-PL08MT-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1241090000 | IE-SW-PL08M-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1286810000 | IE-SW-PL08MT-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1241290000 | IE-SW-PL10M-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286930000 | IE-SW-PL10MT-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241100000 | IE-SW-PL16M-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1286820000 | IE-SW-PL16MT-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1241120000 | IE-SW-PL16M-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1286830000 | IE-SW-PL16MT-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1241130000 | IE-SW-PL16M-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1286840000 | IE-SW-PL16MT-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1241320000 | IE-SW-PL18M-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1286970000 | IE-SW-PL18MT-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1241330000 | IE-SW-PL18M-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1241340000 | IE-SW-PL18M-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1241370000 | IE-SW-PL09M-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n| 1287020000 | IE-SW-PL09MT-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@weidmueller.com",
"name": "Weidmueller Interface GmbH \u0026 Co. KG",
"namespace": "https://www.weidmueller.com"
},
"references": [
{
"category": "external",
"summary": "Weidmueller advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/weidmueller/"
},
{
"category": "self",
"summary": "VDE-2019-018: Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-018"
},
{
"category": "self",
"summary": "VDE-2019-018: Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches - CSAF",
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-018.json"
}
],
"title": "Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches",
"tracking": {
"aliases": [
"VDE-2019-018"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-01-23T16:06:04.177Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.17"
}
},
"id": "VDE-2019-018",
"initial_release_date": "2019-12-05T12:03:00.000Z",
"revision_history": [
{
"date": "2019-12-05T12:03:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: firmware category, version space, added distribution, quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IE-SW-PL08M-6TX-2SC",
"product": {
"name": "IE-SW-PL08M-6TX-2SC",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1241070000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08M-6TX-2SCS",
"product": {
"name": "IE-SW-PL08M-6TX-2SCS",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1241090000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08M-6TX-2ST",
"product": {
"name": "IE-SW-PL08M-6TX-2ST",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1241080000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08M-8TX",
"product": {
"name": "IE-SW-PL08M-8TX",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1241040000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08MT-6TX-2SC",
"product": {
"name": "IE-SW-PL08MT-6TX-2SC",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1286790000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08MT-6TX-2SCS",
"product": {
"name": "IE-SW-PL08MT-6TX-2SCS",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1286810000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08MT-6TX-2ST",
"product": {
"name": "IE-SW-PL08MT-6TX-2ST",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1286800000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL08MT-8TX",
"product": {
"name": "IE-SW-PL08MT-8TX",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"1286780000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL09M-5GC-4GT",
"product": {
"name": "IE-SW-PL09M-5GC-4GT",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1241370000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL09MT-5GC-4GT",
"product": {
"name": "IE-SW-PL09MT-5GC-4GT",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"1287020000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL10M-1GT-2GS-7TX",
"product": {
"name": "IE-SW-PL10M-1GT-2GS-7TX",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"1241300000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL10M-3GT-7TX",
"product": {
"name": "IE-SW-PL10M-3GT-7TX",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"1241290000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL10MT-1GT-2GS-7TX",
"product": {
"name": "IE-SW-PL10MT-1GT-2GS-7TX",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"1286940000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL10MT-3GT-7TX",
"product": {
"name": "IE-SW-PL10MT-3GT-7TX",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"1286930000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16M-14TX-2SC",
"product": {
"name": "IE-SW-PL16M-14TX-2SC",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"1241120000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16M-14TX-2ST",
"product": {
"name": "IE-SW-PL16M-14TX-2ST",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"1241130000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16M-16TX",
"product": {
"name": "IE-SW-PL16M-16TX",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"1241100000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16MT-14TX-2SC",
"product": {
"name": "IE-SW-PL16MT-14TX-2SC",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"1286830000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16MT-14TX-2ST",
"product": {
"name": "IE-SW-PL16MT-14TX-2ST",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"1286840000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16MT-16TX",
"product": {
"name": "IE-SW-PL16MT-16TX",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"1286820000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18M-2GC14TX2SC",
"product": {
"name": "IE-SW-PL18M-2GC14TX2SC",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"1241330000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18M-2GC14TX2SCS",
"product": {
"name": "IE-SW-PL18M-2GC14TX2SCS",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"1241350000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18M-2GC14TX2ST",
"product": {
"name": "IE-SW-PL18M-2GC14TX2ST",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"1241340000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18M-2GC-16TX",
"product": {
"name": "IE-SW-PL18M-2GC-16TX",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"1241320000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18MT-2GC14TX2SC",
"product": {
"name": "IE-SW-PL18MT-2GC14TX2SC",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"1286990000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18MT-2GC14TX2SCS",
"product": {
"name": "IE-SW-PL18MT-2GC14TX2SCS",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"1287010000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18MT-2GC14TX2ST",
"product": {
"name": "IE-SW-PL18MT-2GC14TX2ST",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"1287000000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18MT-2GC-16TX",
"product": {
"name": "IE-SW-PL18MT-2GC-16TX",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"1286970000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05M-3TX-2SC",
"product": {
"name": "IE-SW-VL05M-3TX-2SC",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"1504330000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05M-3TX-2ST",
"product": {
"name": "IE-SW-VL05M-3TX-2ST",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"1504370000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05M-5TX",
"product": {
"name": "IE-SW-VL05M-5TX",
"product_id": "CSAFPID-11031",
"product_identification_helper": {
"model_numbers": [
"1504280000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05MT-3TX-2SC",
"product": {
"name": "IE-SW-VL05MT-3TX-2SC",
"product_id": "CSAFPID-11032",
"product_identification_helper": {
"model_numbers": [
"1504350000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05MT-3TX-2ST",
"product": {
"name": "IE-SW-VL05MT-3TX-2ST",
"product_id": "CSAFPID-11033",
"product_identification_helper": {
"model_numbers": [
"1504390000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05MT-5TX",
"product": {
"name": "IE-SW-VL05MT-5TX",
"product_id": "CSAFPID-11034",
"product_identification_helper": {
"model_numbers": [
"1504310000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-5TX-1SC-2SCS",
"product": {
"name": "IE-SW-VL08MT-5TX-1SC-2SCS",
"product_id": "CSAFPID-11035",
"product_identification_helper": {
"model_numbers": [
"1345240000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-5TX-3SC",
"product": {
"name": "IE-SW-VL08MT-5TX-3SC",
"product_id": "CSAFPID-11036",
"product_identification_helper": {
"model_numbers": [
"1240970000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-6TX-2SC",
"product": {
"name": "IE-SW-VL08MT-6TX-2SC",
"product_id": "CSAFPID-11037",
"product_identification_helper": {
"model_numbers": [
"1344770000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-6TX-2SCS",
"product": {
"name": "IE-SW-VL08MT-6TX-2SCS",
"product_id": "CSAFPID-11038",
"product_identification_helper": {
"model_numbers": [
"1241020000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-6TX-2ST",
"product": {
"name": "IE-SW-VL08MT-6TX-2ST",
"product_id": "CSAFPID-11039",
"product_identification_helper": {
"model_numbers": [
"1240990000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-8TX",
"product": {
"name": "IE-SW-VL08MT-8TX",
"product_id": "CSAFPID-11040",
"product_identification_helper": {
"model_numbers": [
"1240940000"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=V3.3.8 Build 16102416",
"product": {
"name": "Firmware \u003c=V3.3.8 Build 16102416",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=V3.3.4 Build 16102416",
"product": {
"name": "Firmware \u003c=V3.3.4 Build 16102416",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=V3.3.16 Build 16102416",
"product": {
"name": "Firmware \u003c=V3.3.16 Build 16102416",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=V3.4.2 Build 16102416",
"product": {
"name": "Firmware \u003c=V3.4.2 Build 16102416",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=V3.4.4 Build 16102416",
"product": {
"name": "Firmware \u003c=V3.4.4 Build 16102416",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c=V3.6.6 Build 16102415",
"product": {
"name": "Firmware \u003c=V3.6.6 Build 16102415",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version_range",
"name": "\u003c=V3.5.2 Build 16102415",
"product": {
"name": "Firmware \u003c=V3.5.2 Build 16102415",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version",
"name": "V3.6.24_Build_19062809",
"product": {
"name": "Firmware V3.6.24_Build_19062809",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "V3.5.22_Build_19062810",
"product": {
"name": "Firmware V3.5.22_Build_19062810",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "V3.3.16_Build_19062811",
"product": {
"name": "Firmware V3.3.16_Build_19062811",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version",
"name": "V3.3.24_Build_19062813",
"product": {
"name": "Firmware V3.3.24_Build_19062813",
"product_id": "CSAFPID-22004"
}
},
{
"category": "product_version",
"name": "V3.4.18_Build_19062814",
"product": {
"name": "Firmware V3.4.18_Build_19062814",
"product_id": "CSAFPID-22005"
}
},
{
"category": "product_version",
"name": "V3.4.30_Build_19062817",
"product": {
"name": "Firmware V3.4.30_Build_19062817",
"product_id": "CSAFPID-22006"
}
},
{
"category": "product_version",
"name": "V3.3.20_Build_19070111",
"product": {
"name": "Firmware V3.3.20_Build_19070111",
"product_id": "CSAFPID-22007"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
],
"summary": "affected product."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"summary": "fixed products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08M-6TX-2SC",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08M-6TX-2SCS",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08M-6TX-2ST",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08M-8TX",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08MT-6TX-2SC",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08MT-6TX-2SCS",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08MT-6TX-2ST",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.8 Build 16102416 installed on IE-SW-PL08MT-8TX",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.4 Build 16102416 installed on IE-SW-PL09M-5GC-4GT",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.4 Build 16102416 installed on IE-SW-PL09MT-5GC-4GT",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.16 Build 16102416 installed on IE-SW-PL10M-1GT-2GS-7TX",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.16 Build 16102416 installed on IE-SW-PL10M-3GT-7TX",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.16 Build 16102416 installed on IE-SW-PL10MT-1GT-2GS-7TX",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.3.16 Build 16102416 installed on IE-SW-PL10MT-3GT-7TX",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.2 Build 16102416 installed on IE-SW-PL16M-14TX-2SC",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.2 Build 16102416 installed on IE-SW-PL16M-14TX-2ST",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.2 Build 16102416 installed on IE-SW-PL16M-16TX",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.2 Build 16102416 installed on IE-SW-PL16MT-14TX-2SC",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.2 Build 16102416 installed on IE-SW-PL16MT-14TX-2ST",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.2 Build 16102416 installed on IE-SW-PL16MT-16TX",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18M-2GC14TX2SC",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18M-2GC14TX2SCS",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18M-2GC14TX2ST",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18M-2GC-16TX",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18MT-2GC14TX2SC",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18MT-2GC14TX2SCS",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18MT-2GC14TX2ST",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.4.4 Build 16102416 installed on IE-SW-PL18MT-2GC-16TX",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.6.6 Build 16102415 installed on IE-SW-VL05M-3TX-2SC",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.6.6 Build 16102415 installed on IE-SW-VL05M-3TX-2ST",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.6.6 Build 16102415 installed on IE-SW-VL05M-5TX",
"product_id": "CSAFPID-31031"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.6.6 Build 16102415 installed on IE-SW-VL05MT-3TX-2SC",
"product_id": "CSAFPID-31032"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.6.6 Build 16102415 installed on IE-SW-VL05MT-3TX-2ST",
"product_id": "CSAFPID-31033"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11033"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.6.6 Build 16102415 installed on IE-SW-VL05MT-5TX",
"product_id": "CSAFPID-31034"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.5.2 Build 16102415 installed on IE-SW-VL08MT-5TX-1SC-2SCS",
"product_id": "CSAFPID-31035"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11035"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.5.2 Build 16102415 installed on IE-SW-VL08MT-5TX-3SC",
"product_id": "CSAFPID-31036"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.5.2 Build 16102415 installed on IE-SW-VL08MT-6TX-2SC",
"product_id": "CSAFPID-31037"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11037"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.5.2 Build 16102415 installed on IE-SW-VL08MT-6TX-2SCS",
"product_id": "CSAFPID-31038"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11038"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.5.2 Build 16102415 installed on IE-SW-VL08MT-6TX-2ST",
"product_id": "CSAFPID-31039"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11039"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V3.5.2 Build 16102415 installed on IE-SW-VL08MT-8TX",
"product_id": "CSAFPID-31040"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11040"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.24_Build_19062809 installed on IE-SW-VL05M-5TX",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.24_Build_19062809 installed on IE-SW-VL05MT-5TX",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.24_Build_19062809 installed on IE-SW-VL05M-3TX-2SC",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.24_Build_19062809 installed on IE-SW-VL05MT-3TX-2SC",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.24_Build_19062809 installed on IE-SW-VL05M-3TX-2ST",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.24_Build_19062809 installed on IE-SW-VL05MT-3TX-2ST",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11033"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.22_Build_19062810 installed on IE-SW-VL08MT-8TX",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11040"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.22_Build_19062810 installed on IE-SW-VL08MT-5TX-3SC",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.22_Build_19062810 installed on IE-SW-VL08MT-5TX-1SC-2SCS",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11035"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.22_Build_19062810 installed on IE-SW-VL08MT-6TX-2ST",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11039"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.22_Build_19062810 installed on IE-SW-VL08MT-6TX-2SC",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11037"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.22_Build_19062810 installed on IE-SW-VL08MT-6TX-2SCS",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11038"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08M-8TX",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08MT-8TX",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08M-6TX-2SC",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08MT-6TX-2SC",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08M-6TX-2ST",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08MT-6TX-2ST",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08M-6TX-2SCS",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.16_Build_19062811 installed on IE-SW-PL08MT-6TX-2SCS",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.24_Build_19062813 installed on IE-SW-PL10M-3GT-7TX",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.24_Build_19062813 installed on IE-SW-PL10MT-3GT-7TX",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.24_Build_19062813 installed on IE-SW-PL10M-1GT-2GS-7TX",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.24_Build_19062813 installed on IE-SW-PL10MT-1GT-2GS-7TX",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.18_Build_19062814 installed on IE-SW-PL16M-16TX",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.18_Build_19062814 installed on IE-SW-PL16MT-16TX",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.18_Build_19062814 installed on IE-SW-PL16M-14TX-2SC",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.18_Build_19062814 installed on IE-SW-PL16MT-14TX-2SC",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.18_Build_19062814 installed on IE-SW-PL16M-14TX-2ST",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.18_Build_19062814 installed on IE-SW-PL16MT-14TX-2ST",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18M-2GC-16TX",
"product_id": "CSAFPID-32031"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18MT-2GC-16TX",
"product_id": "CSAFPID-32032"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18M-2GC14TX2SC",
"product_id": "CSAFPID-32033"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18MT-2GC14TX2SC",
"product_id": "CSAFPID-32034"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18M-2GC14TX2ST",
"product_id": "CSAFPID-32035"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18MT-2GC14TX2ST",
"product_id": "CSAFPID-32036"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18M-2GC14TX2SCS",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.30_Build_19062817 installed on IE-SW-PL18MT-2GC14TX2SCS",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.20_Build_19070111 installed on IE-SW-PL09M-5GC-4GT",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22007",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.20_Build_19070111 installed on IE-SW-PL09MT-5GC-4GT",
"product_id": "CSAFPID-32040"
},
"product_reference": "CSAFPID-22007",
"relates_to_product_reference": "CSAFPID-11010"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16674",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:\n\nUse the link www.weidmueller.com external link external link\n\nEnter within search field on the web page the product number of the switch you want to update and press \u0027enter\u0027\nOn next page expand the drop-down menu \u0027show downloads\u0027\nDownload the respective firmware from the download table\nInstall the firmware on your switch\n\nSolution for CVE-2019-16672\n\na.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\nTo avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\nb.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nTo avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\n\nSolution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nAfter installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidm\u00fcllerm\u00fcller configuration software named \u0027WM Switch Utility\u0027 for Windows OS and to enable an encrypted search service, that will be working with the new \u0027Weidm\u00fcllerm\u00fcller Switch Configuration Utility\u0027. (available soon)\n\nBoth services \u2013 the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e Security \u003e Management Interface: Uncheck the checkbox \u0027Enable Search Service\u0027\n\nNote: After disabling the unencrypted search service the switches can no longer be found or configured with the current \u0027WM Switch Utility\u0027! Web interface settings are not affected by this configuration.\n\n---\n\nPlease find below the appropriate patched firmware versions for all affected products.\n| **Product Number** | **Product Name** | **Patched Firmware Version** |\n|---------------------|---------------------------------|---------------------------------------|\n| 1504280000 | IE-SW-VL05M-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504310000 | IE-SW-VL05MT-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504330000 | IE-SW-VL05M-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504350000 | IE-SW-VL05MT-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504370000 | IE-SW-VL05M-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1504390000 | IE-SW-VL05MT-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1240940000 | IE-SW-VL08MT-8TX | \u2265 V3.5.22_Build_19062810 |\n| 1240970000 | IE-SW-VL08MT-5TX-3SC | \u2265 V3.5.22_Build_19062810 |\n| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1240990000 | IE-SW-VL08MT-6TX-2ST | \u2265 V3.5.22_Build_19062810 |\n| 1344770000 | IE-SW-VL08MT-6TX-2SC | \u2265 V3.5.22_Build_19062810 |\n| 1241020000 | IE-SW-VL08MT-6TX-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1241040000 | IE-SW-PL08M-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1286780000 | IE-SW-PL08MT-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1241070000 | IE-SW-PL08M-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1286790000 | IE-SW-PL08MT-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1241080000 | IE-SW-PL08M-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1286800000 | IE-SW-PL08MT-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1241090000 | IE-SW-PL08M-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1286810000 | IE-SW-PL08MT-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1241290000 | IE-SW-PL10M-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286930000 | IE-SW-PL10MT-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241100000 | IE-SW-PL16M-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1286820000 | IE-SW-PL16MT-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1241120000 | IE-SW-PL16M-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1286830000 | IE-SW-PL16MT-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1241130000 | IE-SW-PL16M-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1286840000 | IE-SW-PL16MT-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1241320000 | IE-SW-PL18M-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1286970000 | IE-SW-PL18MT-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1241330000 | IE-SW-PL18M-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1241340000 | IE-SW-PL18M-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1241370000 | IE-SW-PL09M-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n| 1287020000 | IE-SW-PL09MT-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"title": "CVE-2019-16674"
},
{
"cve": "CVE-2019-16670",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:\n\nUse the link www.weidmueller.com external link external link\n\nEnter within search field on the web page the product number of the switch you want to update and press \u0027enter\u0027\nOn next page expand the drop-down menu \u0027show downloads\u0027\nDownload the respective firmware from the download table\nInstall the firmware on your switch\n\nSolution for CVE-2019-16672\n\na.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\nTo avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\nb.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nTo avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\n\nSolution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nAfter installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidm\u00fcllerm\u00fcller configuration software named \u0027WM Switch Utility\u0027 for Windows OS and to enable an encrypted search service, that will be working with the new \u0027Weidm\u00fcllerm\u00fcller Switch Configuration Utility\u0027. (available soon)\n\nBoth services \u2013 the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e Security \u003e Management Interface: Uncheck the checkbox \u0027Enable Search Service\u0027\n\nNote: After disabling the unencrypted search service the switches can no longer be found or configured with the current \u0027WM Switch Utility\u0027! Web interface settings are not affected by this configuration.\n\n---\n\nPlease find below the appropriate patched firmware versions for all affected products.\n| **Product Number** | **Product Name** | **Patched Firmware Version** |\n|---------------------|---------------------------------|---------------------------------------|\n| 1504280000 | IE-SW-VL05M-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504310000 | IE-SW-VL05MT-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504330000 | IE-SW-VL05M-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504350000 | IE-SW-VL05MT-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504370000 | IE-SW-VL05M-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1504390000 | IE-SW-VL05MT-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1240940000 | IE-SW-VL08MT-8TX | \u2265 V3.5.22_Build_19062810 |\n| 1240970000 | IE-SW-VL08MT-5TX-3SC | \u2265 V3.5.22_Build_19062810 |\n| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1240990000 | IE-SW-VL08MT-6TX-2ST | \u2265 V3.5.22_Build_19062810 |\n| 1344770000 | IE-SW-VL08MT-6TX-2SC | \u2265 V3.5.22_Build_19062810 |\n| 1241020000 | IE-SW-VL08MT-6TX-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1241040000 | IE-SW-PL08M-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1286780000 | IE-SW-PL08MT-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1241070000 | IE-SW-PL08M-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1286790000 | IE-SW-PL08MT-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1241080000 | IE-SW-PL08M-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1286800000 | IE-SW-PL08MT-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1241090000 | IE-SW-PL08M-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1286810000 | IE-SW-PL08MT-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1241290000 | IE-SW-PL10M-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286930000 | IE-SW-PL10MT-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241100000 | IE-SW-PL16M-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1286820000 | IE-SW-PL16MT-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1241120000 | IE-SW-PL16M-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1286830000 | IE-SW-PL16MT-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1241130000 | IE-SW-PL16M-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1286840000 | IE-SW-PL16MT-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1241320000 | IE-SW-PL18M-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1286970000 | IE-SW-PL18MT-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1241330000 | IE-SW-PL18M-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1241340000 | IE-SW-PL18M-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1241370000 | IE-SW-PL09M-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n| 1287020000 | IE-SW-PL09MT-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"title": "CVE-2019-16670"
},
{
"cve": "CVE-2019-16672",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:\n\nUse the link www.weidmueller.com external link external link\n\nEnter within search field on the web page the product number of the switch you want to update and press \u0027enter\u0027\nOn next page expand the drop-down menu \u0027show downloads\u0027\nDownload the respective firmware from the download table\nInstall the firmware on your switch\n\nSolution for CVE-2019-16672\n\na.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\nTo avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\nb.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nTo avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\n\nSolution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nAfter installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidm\u00fcllerm\u00fcller configuration software named \u0027WM Switch Utility\u0027 for Windows OS and to enable an encrypted search service, that will be working with the new \u0027Weidm\u00fcllerm\u00fcller Switch Configuration Utility\u0027. (available soon)\n\nBoth services \u2013 the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e Security \u003e Management Interface: Uncheck the checkbox \u0027Enable Search Service\u0027\n\nNote: After disabling the unencrypted search service the switches can no longer be found or configured with the current \u0027WM Switch Utility\u0027! Web interface settings are not affected by this configuration.\n\n---\n\nPlease find below the appropriate patched firmware versions for all affected products.\n| **Product Number** | **Product Name** | **Patched Firmware Version** |\n|---------------------|---------------------------------|---------------------------------------|\n| 1504280000 | IE-SW-VL05M-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504310000 | IE-SW-VL05MT-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504330000 | IE-SW-VL05M-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504350000 | IE-SW-VL05MT-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504370000 | IE-SW-VL05M-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1504390000 | IE-SW-VL05MT-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1240940000 | IE-SW-VL08MT-8TX | \u2265 V3.5.22_Build_19062810 |\n| 1240970000 | IE-SW-VL08MT-5TX-3SC | \u2265 V3.5.22_Build_19062810 |\n| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1240990000 | IE-SW-VL08MT-6TX-2ST | \u2265 V3.5.22_Build_19062810 |\n| 1344770000 | IE-SW-VL08MT-6TX-2SC | \u2265 V3.5.22_Build_19062810 |\n| 1241020000 | IE-SW-VL08MT-6TX-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1241040000 | IE-SW-PL08M-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1286780000 | IE-SW-PL08MT-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1241070000 | IE-SW-PL08M-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1286790000 | IE-SW-PL08MT-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1241080000 | IE-SW-PL08M-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1286800000 | IE-SW-PL08MT-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1241090000 | IE-SW-PL08M-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1286810000 | IE-SW-PL08MT-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1241290000 | IE-SW-PL10M-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286930000 | IE-SW-PL10MT-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241100000 | IE-SW-PL16M-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1286820000 | IE-SW-PL16MT-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1241120000 | IE-SW-PL16M-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1286830000 | IE-SW-PL16MT-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1241130000 | IE-SW-PL16M-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1286840000 | IE-SW-PL16MT-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1241320000 | IE-SW-PL18M-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1286970000 | IE-SW-PL18MT-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1241330000 | IE-SW-PL18M-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1241340000 | IE-SW-PL18M-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1241370000 | IE-SW-PL09M-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n| 1287020000 | IE-SW-PL09MT-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"title": "CVE-2019-16672"
},
{
"cve": "CVE-2019-16673",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:\n\nUse the link www.weidmueller.com external link external link\n\nEnter within search field on the web page the product number of the switch you want to update and press \u0027enter\u0027\nOn next page expand the drop-down menu \u0027show downloads\u0027\nDownload the respective firmware from the download table\nInstall the firmware on your switch\n\nSolution for CVE-2019-16672\n\na.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\nTo avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\nb.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nTo avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\n\nSolution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nAfter installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidm\u00fcllerm\u00fcller configuration software named \u0027WM Switch Utility\u0027 for Windows OS and to enable an encrypted search service, that will be working with the new \u0027Weidm\u00fcllerm\u00fcller Switch Configuration Utility\u0027. (available soon)\n\nBoth services \u2013 the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e Security \u003e Management Interface: Uncheck the checkbox \u0027Enable Search Service\u0027\n\nNote: After disabling the unencrypted search service the switches can no longer be found or configured with the current \u0027WM Switch Utility\u0027! Web interface settings are not affected by this configuration.\n\n---\n\nPlease find below the appropriate patched firmware versions for all affected products.\n| **Product Number** | **Product Name** | **Patched Firmware Version** |\n|---------------------|---------------------------------|---------------------------------------|\n| 1504280000 | IE-SW-VL05M-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504310000 | IE-SW-VL05MT-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504330000 | IE-SW-VL05M-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504350000 | IE-SW-VL05MT-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504370000 | IE-SW-VL05M-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1504390000 | IE-SW-VL05MT-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1240940000 | IE-SW-VL08MT-8TX | \u2265 V3.5.22_Build_19062810 |\n| 1240970000 | IE-SW-VL08MT-5TX-3SC | \u2265 V3.5.22_Build_19062810 |\n| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1240990000 | IE-SW-VL08MT-6TX-2ST | \u2265 V3.5.22_Build_19062810 |\n| 1344770000 | IE-SW-VL08MT-6TX-2SC | \u2265 V3.5.22_Build_19062810 |\n| 1241020000 | IE-SW-VL08MT-6TX-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1241040000 | IE-SW-PL08M-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1286780000 | IE-SW-PL08MT-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1241070000 | IE-SW-PL08M-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1286790000 | IE-SW-PL08MT-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1241080000 | IE-SW-PL08M-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1286800000 | IE-SW-PL08MT-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1241090000 | IE-SW-PL08M-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1286810000 | IE-SW-PL08MT-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1241290000 | IE-SW-PL10M-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286930000 | IE-SW-PL10MT-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241100000 | IE-SW-PL16M-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1286820000 | IE-SW-PL16MT-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1241120000 | IE-SW-PL16M-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1286830000 | IE-SW-PL16MT-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1241130000 | IE-SW-PL16M-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1286840000 | IE-SW-PL16MT-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1241320000 | IE-SW-PL18M-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1286970000 | IE-SW-PL18MT-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1241330000 | IE-SW-PL18M-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1241340000 | IE-SW-PL18M-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1241370000 | IE-SW-PL09M-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n| 1287020000 | IE-SW-PL09MT-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"title": "CVE-2019-16673"
},
{
"cve": "CVE-2019-16671",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:\n\nUse the link www.weidmueller.com external link external link\n\nEnter within search field on the web page the product number of the switch you want to update and press \u0027enter\u0027\nOn next page expand the drop-down menu \u0027show downloads\u0027\nDownload the respective firmware from the download table\nInstall the firmware on your switch\n\nSolution for CVE-2019-16672\n\na.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\nTo avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\nb.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nTo avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting \u0027https only\u0027.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e System: Set the \u0027Web Configuration\u0027 to \u0027https only\u0027\n\n\nSolution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M\n\nAfter installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidm\u00fcllerm\u00fcller configuration software named \u0027WM Switch Utility\u0027 for Windows OS and to enable an encrypted search service, that will be working with the new \u0027Weidm\u00fcllerm\u00fcller Switch Configuration Utility\u0027. (available soon)\n\nBoth services \u2013 the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.\n\nThe respective web interface menu section for this setting can be reached via the following path:\n\nMain Menu \u003e Basic Settings \u003e Security \u003e Management Interface: Uncheck the checkbox \u0027Enable Search Service\u0027\n\nNote: After disabling the unencrypted search service the switches can no longer be found or configured with the current \u0027WM Switch Utility\u0027! Web interface settings are not affected by this configuration.\n\n---\n\nPlease find below the appropriate patched firmware versions for all affected products.\n| **Product Number** | **Product Name** | **Patched Firmware Version** |\n|---------------------|---------------------------------|---------------------------------------|\n| 1504280000 | IE-SW-VL05M-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504310000 | IE-SW-VL05MT-5TX | \u2265 V3.6.24_Build_19062809 |\n| 1504330000 | IE-SW-VL05M-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504350000 | IE-SW-VL05MT-3TX-2SC | \u2265 V3.6.24_Build_19062809 |\n| 1504370000 | IE-SW-VL05M-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1504390000 | IE-SW-VL05MT-3TX-2ST | \u2265 V3.6.24_Build_19062809 |\n| 1240940000 | IE-SW-VL08MT-8TX | \u2265 V3.5.22_Build_19062810 |\n| 1240970000 | IE-SW-VL08MT-5TX-3SC | \u2265 V3.5.22_Build_19062810 |\n| 1345240000 | IE-SW-VL08MT-5TX-1SC-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1240990000 | IE-SW-VL08MT-6TX-2ST | \u2265 V3.5.22_Build_19062810 |\n| 1344770000 | IE-SW-VL08MT-6TX-2SC | \u2265 V3.5.22_Build_19062810 |\n| 1241020000 | IE-SW-VL08MT-6TX-2SCS | \u2265 V3.5.22_Build_19062810 |\n| 1241040000 | IE-SW-PL08M-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1286780000 | IE-SW-PL08MT-8TX | \u2265 V3.3.16_Build_19062811 |\n| 1241070000 | IE-SW-PL08M-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1286790000 | IE-SW-PL08MT-6TX-2SC | \u2265 V3.3.16_Build_19062811 |\n| 1241080000 | IE-SW-PL08M-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1286800000 | IE-SW-PL08MT-6TX-2ST | \u2265 V3.3.16_Build_19062811 |\n| 1241090000 | IE-SW-PL08M-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1286810000 | IE-SW-PL08MT-6TX-2SCS | \u2265 V3.3.16_Build_19062811 |\n| 1241290000 | IE-SW-PL10M-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286930000 | IE-SW-PL10MT-3GT-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241300000 | IE-SW-PL10M-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1286940000 | IE-SW-PL10MT-1GT-2GS-7TX | \u2265 V3.3.24_Build_19062813 |\n| 1241100000 | IE-SW-PL16M-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1286820000 | IE-SW-PL16MT-16TX | \u2265 V3.4.18_Build_19062814 |\n| 1241120000 | IE-SW-PL16M-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1286830000 | IE-SW-PL16MT-14TX-2SC | \u2265 V3.4.18_Build_19062814 |\n| 1241130000 | IE-SW-PL16M-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1286840000 | IE-SW-PL16MT-14TX-2ST | \u2265 V3.4.18_Build_19062814 |\n| 1241320000 | IE-SW-PL18M-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1286970000 | IE-SW-PL18MT-2GC-16TX | \u2265 V3.4.30_Build_19062817 |\n| 1241330000 | IE-SW-PL18M-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1286990000 | IE-SW-PL18MT-2GC14TX2SC | \u2265 V3.4.30_Build_19062817 |\n| 1241340000 | IE-SW-PL18M-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1287000000 | IE-SW-PL18MT-2GC14TX2ST | \u2265 V3.4.30_Build_19062817 |\n| 1241350000 | IE-SW-PL18M-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1287010000 | IE-SW-PL18MT-2GC14TX2SCS | \u2265 V3.4.30_Build_19062817 |\n| 1241370000 | IE-SW-PL09M-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n| 1287020000 | IE-SW-PL09MT-5GC-4GT | \u2265 V3.3.20_Build_19070111 |\n",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040"
]
}
],
"title": "CVE-2019-16671"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…