User Documentation

ManualsBrandsWeidmueller ManualsAutomation & SoftwareIE-SW-PL08MT-8TX

Security Advisory

Weidmüller Interface GmbH & Co. KG

Klingenbergstraße 26

32758 Detmold, Germany

T +49 5231 14-0

F +49 5231 14292083

www.weidmueller.com Page 1 of 6

Security Advisory for Industrial Ethernet Managed

Switches of the following Product Series:

IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-

PL18M, IE-SW-PL09M series

Advisory

Document Identifyer:

D1400074

Version:

1.0

Publication Date:

2019-12-04

Reference:

VDE-2019-018

CVE Identifier

CVE-2019-16670, CVE-2019-16671, CVE-2019-16672, CVE-2019-16673, CVE-2019-16674

Severity

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products

The following Weidmüller Industrial Ethernet managed switches with the indicated firmware are affected:

Product number

Product name

Firmware version

1504280000

IE-SW-VL05M-5TX

≤ V3.6.6 Build 16102415

1504310000

IE-SW-VL05MT-5TX

1504330000

IE-SW-VL05M-3TX-2SC

1504350000

IE-SW-VL05MT-3TX-2SC

1504370000

IE-SW-VL05M-3TX-2ST

1504390000

IE-SW-VL05MT-3TX-2ST

1240940000

IE-SW-VL08MT-8TX

≤ V3.5.2 Build 16102415

1240970000

IE-SW-VL08MT-5TX-3SC

1345240000

IE-SW-VL08MT-5TX-1SC-2SCS

1240990000

IE-SW-VL08MT-6TX-2ST

1344770000

IE-SW-VL08MT-6TX-2SC

1241020000

IE-SW-VL08MT-6TX-2SCS

1241040000

IE-SW-PL08M-8TX

≤ V3.3.8 Build 16102416

1286780000

IE-SW-PL08MT-8TX

1241070000

IE-SW-PL08M-6TX-2SC

1286790000

IE-SW-PL08MT-6TX-2SC

1241080000

IE-SW-PL08M-6TX-2ST

1286800000

IE-SW-PL08MT-6TX-2ST

1241090000

IE-SW-PL08M-6TX-2SCS

1286810000

IE-SW-PL08MT-6TX-2SCS

1241290000

IE-SW-PL10M-3GT-7TX

≤ V3.3.16 Build 16102416

1286930000

IE-SW-PL10MT-3GT-7TX

1241300000

IE-SW-PL10M-1GT-2GS-7TX

Summary of content (6 pages)

PAGE 1
Security Advisory Security Advisory for Industrial Ethernet Managed Switches of the following Product Series: IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SWPL18M, IE-SW-PL09M series Advisory Document Identifyer: Version: Publication Date: Reference: D1400074 1.0 2019-12-04 VDE-2019-018 CVE Identifier CVE-2019-16670, CVE-2019-16671, CVE-2019-16672, CVE-2019-16673, CVE-2019-16674 Severity 9.8 (CVSS:3.
PAGE 2
Security Advisory Product number 1286940000 1241100000 1286820000 1241120000 1286830000 1241130000 1286840000 1241320000 1286970000 1241330000 1286990000 1241340000 1287000000 1241350000 1287010000 1241370000 1287020000 Product name IE-SW-PL10MT-1GT-2GS-7TX IE-SW-PL16M-16TX IE-SW-PL16MT-16TX IE-SW-PL16M-14TX-2SC IE-SW-PL16MT-14TX-2SC IE-SW-PL16M-14TX-2ST IE-SW-PL16MT-14TX-2ST IE-SW-PL18M-2GC-16TX IE-SW-PL18MT-2GC-16TX IE-SW-PL18M-2GC14TX2SC IE-SW-PL18MT-2GC14TX2SC IE-SW-PL18M-2GC14TX2ST IE-SW-PL18MT-2GC14T
PAGE 3
Security Advisory Description An issue was discovered on Weidmueller devices. Please see "Affected Products" for a list of affected products. Sensitive credentials data is transmitted in cleartext. CVE ID Vulnerability Type CVSS Description CVE-2019-16673 Unprotected Storage of Credentials (CWE-256) CVE ID Vulnerability Type CVSS Description CVE-2019-16674 Predictable from Observable State (CWE-341) 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) An issue was discovered on Weidmueller devices.
PAGE 4
Security Advisory b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SWPL18M, IE-SW-PL09M To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting “https only”.
PAGE 5
Security Advisory Find below appropriate patched firmware versions for all affected products.
PAGE 6
Security Advisory Support For support please contact Weidmüller at www.weidmueller.com/service. Weidmüller Interface GmbH & Co. KG Klingenbergstraße 26 32758 Detmold, Germany T +49 5231 14-0 F +49 5231 14292083 www.weidmueller.