Vulnerability identifier: #VU23433
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-307
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
IE-SW-VL05M-5TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-5TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05M-3TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-3TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05M-3TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-3TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-5TX-3SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-5TX-1SC-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10M-3GT-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10MT-3GT-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10M-1GT-2GS-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10MT-1GT-2GS-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-14TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-14TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-14TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-14TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL09M-5GC-4GT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL09MT-5GC-4GT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Weidmüller
Description
The vulnerability allows a remote attacker to gain access to the system.
The vulnerability exists due to the authentication mechanism has no brute-force prevention. A remote attacker can launch a brute-force authentication attack and gain access to the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
IE-SW-VL05M-5TX: 3.6.6
IE-SW-VL05MT-5TX: 3.6.6
IE-SW-VL05M-3TX-2SC: 3.6.6
IE-SW-VL05MT-3TX-2SC: 3.6.6
IE-SW-VL05M-3TX-2ST: 3.6.6
IE-SW-VL05MT-3TX-2ST: 3.6.6
IE-SW-VL08MT-8TX: 3.5.2
IE-SW-VL08MT-5TX-3SC: 3.5.2
IE-SW-VL08MT-5TX-1SC-2SCS: 3.5.2
IE-SW-VL08MT-6TX-2ST: 3.5.2
IE-SW-VL08MT-6TX-2SC: 3.5.2
IE-SW-VL08MT-6TX-2SCS: 3.5.2
IE-SW-PL08M-8TX: 3.3.8
IE-SW-PL08MT-8TX: 3.3.8
IE-SW-PL08M-6TX-2SC: 3.3.8
IE-SW-PL08MT-6TX-2SC: 3.3.8
IE-SW-PL08M-6TX-2ST: 3.3.8
IE-SW-PL08MT-6TX-2ST: 3.3.8
IE-SW-PL08M-6TX-2SCS: 3.3.8
IE-SW-PL08MT-6TX-2SCS: 3.3.8
IE-SW-PL10M-3GT-7TX: 3.3.16
IE-SW-PL10MT-3GT-7TX: 3.3.16
IE-SW-PL10M-1GT-2GS-7TX: 3.3.16
IE-SW-PL10MT-1GT-2GS-7TX: 3.3.16
IE-SW-PL16M-16TX: 3.4.2
IE-SW-PL16MT-16TX: 3.4.2
IE-SW-PL16M-14TX-2SC: 3.4.2
IE-SW-PL16MT-14TX-2SC: 3.4.2
IE-SW-PL16M-14TX-2ST: 3.4.2
IE-SW-PL16MT-14TX-2ST: 3.4.2
IE-SW-PL18M-2GC-16TX: 3.4.4
IE-SW-PL18MT-2GC-16TX: 3.4.4
IE-SW-PL18M-2GC14TX2SC: 3.4.4
IE-SW-PL18MT-2GC14TX2SC: 3.4.4
IE-SW-PL18M-2GC14TX2ST: 3.4.4
IE-SW-PL18MT-2GC14TX2ST: 3.4.4
IE-SW-PL18M-2GC14TX2SCS: 3.4.4
IE-SW-PL18MT-2GC14TX2SCS: 3.4.4
IE-SW-PL09M-5GC-4GT: 3.3.4
IE-SW-PL09MT-5GC-4GT: 3.3.4
External links
http://cert.vde.com/en-us/advisories/vde-2019-018
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.