Vulnerability identifier: #VU23437
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-341
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
IE-SW-VL05M-5TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-5TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05M-3TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-3TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05M-3TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL05MT-3TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-5TX-3SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-5TX-1SC-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-VL08MT-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-8TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08M-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL08MT-6TX-2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10M-3GT-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10MT-3GT-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10M-1GT-2GS-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL10MT-1GT-2GS-7TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-14TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-14TX-2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16M-14TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL16MT-14TX-2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC-16TX
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2SC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18M-2GC14TX2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL18MT-2GC14TX2SCS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL09M-5GC-4GT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
IE-SW-PL09MT-5GC-4GT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Weidmüller
Description
The vulnerability allows a remote attacker to gain access to admin password.
The vulnerability exists due authentication information used in a cookie is predictable. A remote attacker can compromise the admin password when captured on the network.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
IE-SW-VL05M-5TX: 3.6.6
IE-SW-VL05MT-5TX: 3.6.6
IE-SW-VL05M-3TX-2SC: 3.6.6
IE-SW-VL05MT-3TX-2SC: 3.6.6
IE-SW-VL05M-3TX-2ST: 3.6.6
IE-SW-VL05MT-3TX-2ST: 3.6.6
IE-SW-VL08MT-8TX: 3.5.2
IE-SW-VL08MT-5TX-3SC: 3.5.2
IE-SW-VL08MT-5TX-1SC-2SCS: 3.5.2
IE-SW-VL08MT-6TX-2ST: 3.5.2
IE-SW-VL08MT-6TX-2SC: 3.5.2
IE-SW-VL08MT-6TX-2SCS: 3.5.2
IE-SW-PL08M-8TX: 3.3.8
IE-SW-PL08MT-8TX: 3.3.8
IE-SW-PL08M-6TX-2SC: 3.3.8
IE-SW-PL08MT-6TX-2SC: 3.3.8
IE-SW-PL08M-6TX-2ST: 3.3.8
IE-SW-PL08MT-6TX-2ST: 3.3.8
IE-SW-PL08M-6TX-2SCS: 3.3.8
IE-SW-PL08MT-6TX-2SCS: 3.3.8
IE-SW-PL10M-3GT-7TX: 3.3.16
IE-SW-PL10MT-3GT-7TX: 3.3.16
IE-SW-PL10M-1GT-2GS-7TX: 3.3.16
IE-SW-PL10MT-1GT-2GS-7TX: 3.3.16
IE-SW-PL16M-16TX: 3.4.2
IE-SW-PL16MT-16TX: 3.4.2
IE-SW-PL16M-14TX-2SC: 3.4.2
IE-SW-PL16MT-14TX-2SC: 3.4.2
IE-SW-PL16M-14TX-2ST: 3.4.2
IE-SW-PL16MT-14TX-2ST: 3.4.2
IE-SW-PL18M-2GC-16TX: 3.4.4
IE-SW-PL18MT-2GC-16TX: 3.4.4
IE-SW-PL18M-2GC14TX2SC: 3.4.4
IE-SW-PL18MT-2GC14TX2SC: 3.4.4
IE-SW-PL18M-2GC14TX2ST: 3.4.4
IE-SW-PL18MT-2GC14TX2ST: 3.4.4
IE-SW-PL18M-2GC14TX2SCS: 3.4.4
IE-SW-PL18MT-2GC14TX2SCS: 3.4.4
IE-SW-PL09M-5GC-4GT: 3.3.4
IE-SW-PL09MT-5GC-4GT: 3.3.4
External links
http://cert.vde.com/en-us/advisories/vde-2019-018
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.