Share: Email | Twitter

ID

VDE-2022-008

Published

2022-04-07 08:00 (CEST)

Last update

2022-04-07 08:28 (CEST)

Vendor(s)

Weidmueller Interface GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
1504460000 IE-GW-MB-2TX-1RS232/485 = V1.0 (Build 14050818)
1504470000 IE-GWT-MB-2TX-1RS232/485 = V1.0 (Build 14050818)

Summary

Multiple issues have been found in the affected products. See CVE descriptions for details.

Vulnerabilities



Weakness
Weak Password Requirements (CWE-521)
Summary

Insufficient password requirements for the web application on the affected products may allow an attacker to gain access by brute-forcing account passwords.

Weakness
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Summary

An attacker may be able to intercept weakly encrypted passwords and gain administrative access to the affected products.

Weakness
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Summary

A Buffer overflow in the built-in web server of the affected products allows remote attackers to initiate DoS, and probably to execute arbitrary code.

Weakness
Use of Insufficiently Random Values (CWE-330)
Summary

A predictable mechanism of generating tokens in the affected products allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.

Weakness
Cleartext Transmission of Sensitive Information (CWE-319)
Summary

Sensitive information is sent to the web server of the affected products in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic ...

Weakness
Integer Overflow or Wraparound (CWE-190)
Summary

An Integer overflow in the built-in web server of the affected products allows remote attackers to initiate DoS.

Weakness
Insufficiently Protected Credentials (CWE-522)
Summary

The application's configuration file of the affected products contains parameters that represent passwords in cleartext.

Weakness
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary

An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in web-service of the affected products without authorization.

Weakness
Summary

A high rate of transit traffic on the affected products may cause a low-memory condition and a denial of service.

Impact

These vulnerabilities may allow an attacker to DoS affected devices or access sensitive information or gain administrative access. See vulnerability descriptions for details.

Solution

For all potential vulnerabilities, customers can download a patched firmware to secure their Modbus TCP/RTU Gateways properly. Please download and install the latest firmware for your device by following the procedure below:

Got to www.weidmueller.com

  1. Enter within search field on the web page the product number of the Modbus TCP/RTU Gateway you want to update and press “enter”
  2. On the next page expand the drop-down menu “SHOW DOWNLOADS”
  3. Download the respective firmware from the download table
  4. Install the firmware on your device

Find below appropriate patched firmware versions for all affected products.

Product number Product name Patched firmware version
1504460000 IE-GW-MB-2TX-1RS232/485 V2.1 (Build 21072817)
1504470000  IE-GWT-MB-2TX-1RS232/485




Reported by

Weidmueller thanks CERT@VDE for the support with this publication.