Vulnerability identifier: #VU23434
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
IE-SW-VL05M-5TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-5TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05M-3TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-3TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05M-3TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-3TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-5TX-3SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-5TX-1SC-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10M-3GT-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10MT-3GT-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10M-1GT-2GS-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10MT-1GT-2GS-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-14TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-14TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-14TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-14TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL09M-5GC-4GT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL09MT-5GC-4GT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Weidmüller
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation. A remote authenticated attacker can send a specially crafted packet, trigger resource exhaustion and cause a denial of service condition on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
IE-SW-VL05M-5TX: 3.6.6
IE-SW-VL05MT-5TX: 3.6.6
IE-SW-VL05M-3TX-2SC: 3.6.6
IE-SW-VL05MT-3TX-2SC: 3.6.6
IE-SW-VL05M-3TX-2ST: 3.6.6
IE-SW-VL05MT-3TX-2ST: 3.6.6
IE-SW-VL08MT-8TX: 3.5.2
IE-SW-VL08MT-5TX-3SC: 3.5.2
IE-SW-VL08MT-5TX-1SC-2SCS: 3.5.2
IE-SW-VL08MT-6TX-2ST: 3.5.2
IE-SW-VL08MT-6TX-2SC: 3.5.2
IE-SW-VL08MT-6TX-2SCS: 3.5.2
IE-SW-PL08M-8TX: 3.3.8
IE-SW-PL08MT-8TX: 3.3.8
IE-SW-PL08M-6TX-2SC: 3.3.8
IE-SW-PL08MT-6TX-2SC: 3.3.8
IE-SW-PL08M-6TX-2ST: 3.3.8
IE-SW-PL08MT-6TX-2ST: 3.3.8
IE-SW-PL08M-6TX-2SCS: 3.3.8
IE-SW-PL08MT-6TX-2SCS: 3.3.8
IE-SW-PL10M-3GT-7TX: 3.3.16
IE-SW-PL10MT-3GT-7TX: 3.3.16
IE-SW-PL10M-1GT-2GS-7TX: 3.3.16
IE-SW-PL10MT-1GT-2GS-7TX: 3.3.16
IE-SW-PL16M-16TX: 3.4.2
IE-SW-PL16MT-16TX: 3.4.2
IE-SW-PL16M-14TX-2SC: 3.4.2
IE-SW-PL16MT-14TX-2SC: 3.4.2
IE-SW-PL16M-14TX-2ST: 3.4.2
IE-SW-PL16MT-14TX-2ST: 3.4.2
IE-SW-PL18M-2GC-16TX: 3.4.4
IE-SW-PL18MT-2GC-16TX: 3.4.4
IE-SW-PL18M-2GC14TX2SC: 3.4.4
IE-SW-PL18MT-2GC14TX2SC: 3.4.4
IE-SW-PL18M-2GC14TX2ST: 3.4.4
IE-SW-PL18MT-2GC14TX2ST: 3.4.4
IE-SW-PL18M-2GC14TX2SCS: 3.4.4
IE-SW-PL18MT-2GC14TX2SCS: 3.4.4
IE-SW-PL09M-5GC-4GT: 3.3.4
IE-SW-PL09MT-5GC-4GT: 3.3.4
External links
http://cert.vde.com/en-us/advisories/vde-2019-018
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.