User Documentation
Security Advisory
Weidmüller Interface GmbH & Co. KG
Klingenbergstraße 26
32758 Detmold, Germany
T +49 5231 14-0
F +49 5231 14292083
www.weidmueller.com Page 4 of 6
b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-
PL18M, IE-SW-PL09M
To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web
interface access can be configured to ensure encrypted connections by selecting “https only”.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > System: Set the “Web Configuration” to ”https only”
Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674
Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M,
IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M
After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via
Weidmüller configuration software named “WM Switch Utility” for Windows OS and to enable an encrypted
search service, that will be working with the new “Weidmüller Switch Configuration Utility”. (available soon)
Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the
vulnerabilities referred to in this section the unencrypted search service should be disabled.
The respective web interface menu section for this setting can be reached via the following path:
Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox “Enable Search
Service”
Note: After disabling the unencrypted search service the switches can no longer be found or configured with the
current “WM Switch Utility”! Web interface settings are not affected by this configuration.