User Documentation

Security Advisory
Weidmüller Interface GmbH & Co. KG
Klingenbergstraße 26
32758 Detmold, Germany
T +49 5231 14-0
F +49 5231 14292083
www.weidmueller.com
Product number  Product name              Firmware version
1286940000      IE-SW-PL10MT-1GT-2GS-7TX
1241100000      IE-SW-PL16M-16TX          ≤ V3.4.2 Build 16102416
1286820000      IE-SW-PL16MT-16TX         ≤ V3.4.2 Build 16102416
1241120000      IE-SW-PL16M-14TX-2SC      ≤ V3.4.2 Build 16102416
1286830000      IE-SW-PL16MT-14TX-2SC     ≤ V3.4.2 Build 16102416
1241130000      IE-SW-PL16M-14TX-2ST      ≤ V3.4.2 Build 16102416
1286840000      IE-SW-PL16MT-14TX-2ST     ≤ V3.4.2 Build 16102416
1241320000      IE-SW-PL18M-2GC-16TX      ≤ V3.4.4 Build 16102416
1286970000      IE-SW-PL18MT-2GC-16TX     ≤ V3.4.4 Build 16102416
1241330000      IE-SW-PL18M-2GC14TX2SC    ≤ V3.4.4 Build 16102416
1286990000      IE-SW-PL18MT-2GC14TX2SC   ≤ V3.4.4 Build 16102416
1241340000      IE-SW-PL18M-2GC14TX2ST    ≤ V3.4.4 Build 16102416
1287000000      IE-SW-PL18MT-2GC14TX2ST   ≤ V3.4.4 Build 16102416
1241350000      IE-SW-PL18M-2GC14TX2SCS   ≤ V3.4.4 Build 16102416
1287010000      IE-SW-PL18MT-2GC14TX2SCS  ≤ V3.4.4 Build 16102416
1241370000      IE-SW-PL09M-5GC-4GT       ≤ V3.3.4 Build 16102416
1287020000      IE-SW-PL09MT-5GC-4GT      ≤ V3.3.4 Build 16102416
Vulnerability Type
Multiple. Please see section "Impact" for details.
Summary
Multiple issues have been found. Please see section "Impact" for details.
Impact
CVE ID: CVE-2019-16670
Vulnerability Type: Improper Restriction of Excessive Authentication Attempts (CWE-307)
CVSS: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Description: An issue was discovered on Weidmueller devices. Please see "Affected Products" for a list of affected products. The authentication mechanism has no brute-force prevention.

CVE ID: CVE-2019-16671
Vulnerability Type: Uncontrolled Resource Consumption (CWE-400)
CVSS: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Description: An issue was discovered on Weidmueller devices. Please see "Affected Products" for a list of affected products. Remote authenticated users can crash a device with a special packet because of uncontrolled resource consumption.

CVE ID: CVE-2019-16672
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
CVSS: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)