Share: Email | Twitter

ID

VDE-2019-018

Published

2019-12-05 13:03 (CET)

Last update

2019-12-05 13:03 (CET)

Vendor(s)

Weidmueller Interface GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
1241070000 IE-SW-PL08M-6TX-2SC <= V3.3.8 Build 16102416
1241090000 IE-SW-PL08M-6TX-2SCS <= V3.3.8 Build 16102416
1241080000 IE-SW-PL08M-6TX-2ST <= V3.3.8 Build 16102416
1241040000 IE-SW-PL08M-8TX <= V3.3.8 Build 16102416
1286790000 IE-SW-PL08MT-6TX-2SC <= V3.3.8 Build 16102416
1286810000 IE-SW-PL08MT-6TX-2SCS <= V3.3.8 Build 16102416
1286800000 IE-SW-PL08MT-6TX-2ST <= V3.3.8 Build 16102416
1286780000 IE-SW-PL08MT-8TX <= V3.3.8 Build 16102416
1241370000 IE-SW-PL09M-5GC-4GT <= V3.3.4 Build 16102416
1287020000 IE-SW-PL09MT-5GC-4GT <= V3.3.4 Build 16102416
1241300000 IE-SW-PL10M-1GT-2GS-7TX <= V3.3.16 Build 16102416
1241290000 IE-SW-PL10M-3GT-7TX <= V3.3.16 Build 16102416
1286940000 IE-SW-PL10MT-1GT-2GS-7TX <= V3.3.16 Build 16102416
1286930000 IE-SW-PL10MT-3GT-7TX <= V3.3.16 Build 16102416
1241120000 IE-SW-PL16M-14TX-2SC <= V3.4.2 Build 16102416
1241130000 IE-SW-PL16M-14TX-2ST <= V3.4.2 Build 16102416
1241100000 IE-SW-PL16M-16TX <= V3.4.2 Build 16102416
1286830000 IE-SW-PL16MT-14TX-2SC <= V3.4.2 Build 16102416
1286840000 IE-SW-PL16MT-14TX-2ST <= V3.4.2 Build 16102416
1286820000 IE-SW-PL16MT-16TX <= V3.4.2 Build 16102416
1241330000 IE-SW-PL18M-2GC14TX2SC <= V3.4.4 Build 16102416
1241350000 IE-SW-PL18M-2GC14TX2SCS <= V3.4.4 Build 16102416
1241340000 IE-SW-PL18M-2GC14TX2ST <= V3.4.4 Build 16102416
1241320000 IE-SW-PL18M-2GC-16TX <= V3.4.4 Build 16102416
1286990000 IE-SW-PL18MT-2GC14TX2SC <= V3.4.4 Build 16102416
1287010000 IE-SW-PL18MT-2GC14TX2SCS <= V3.4.4 Build 16102416
1287000000 IE-SW-PL18MT-2GC14TX2ST <= V3.4.4 Build 16102416
1286970000 IE-SW-PL18MT-2GC-16TX <= V3.4.4 Build 16102416
1504330000 IE-SW-VL05M-3TX-2SC <= V3.6.6 Build 16102415
1504370000 IE-SW-VL05M-3TX-2ST <= V3.6.6 Build 16102415
1504280000 IE-SW-VL05M-5TX <= V3.6.6 Build 16102415
1504350000 IE-SW-VL05MT-3TX-2SC <= V3.6.6 Build 16102415
1504390000 IE-SW-VL05MT-3TX-2ST <= V3.6.6 Build 16102415
1504310000 IE-SW-VL05MT-5TX <= V3.6.6 Build 16102415
1345240000 IE-SW-VL08MT-5TX-1SC-2SCS <= V3.5.2 Build 16102415
1240970000 IE-SW-VL08MT-5TX-3SC <= V3.5.2 Build 16102415
1344770000 IE-SW-VL08MT-6TX-2SC <= V3.5.2 Build 16102415
1241020000 IE-SW-VL08MT-6TX-2SCS <= V3.5.2 Build 16102415
1240990000 IE-SW-VL08MT-6TX-2ST <= V3.5.2 Build 16102415
1240940000 IE-SW-VL08MT-8TX <= V3.5.2 Build 16102415

Summary

Multiple issues have been found. Please check the CVEs for details.

Vulnerabilities



Last Update
Feb. 18, 2020, 12:30 p.m.
Weakness
Cleartext Transmission of Sensitive Information (CWE-319)
Summary
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
Last Update
Feb. 18, 2020, 12:29 p.m.
Weakness
Improper Restriction of Excessive Authentication Attempts (CWE-307)
Summary
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
Last Update
Feb. 18, 2020, 12:30 p.m.
Weakness
Missing Encryption of Sensitive Data (CWE-311)
Summary
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.
Last Update
Feb. 18, 2020, 12:30 p.m.
Weakness
Insufficiently Protected Credentials (CWE-522)
Summary
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.
Last Update
Feb. 18, 2020, 12:29 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.

Impact

Please check the CVEs for details.

Solution

For all potential vulnerabilities, customers can download a patched firmware to secure their switches properly. Please download and install the latest firmware for your switch by following the procedure below:

Use the link www.weidmueller.com

  • Enter within search field on the web page the product number of the switch you want to update and press “enter”
  • On next page expand the drop-down menu “show downloads”
  • Download the respective firmware from the download table
  • Install the firmware on your switch

Solution for CVE-2019-16672

a.) Solution for vulnerability, valid for switch series IE-SW-VL05M and IE-SW-VL08MT

To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting “https only”.

The respective web interface menu section for this setting can be reached via the following path:

Main Menu > Basic Settings > System: Set the “Web Configuration” to ”https only”

b.) Solution for vulnerability, valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M

To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. Web interface access can be configured to ensure encrypted connections by selecting “https only”.

The respective web interface menu section for this setting can be reached via the following path:

Main Menu > Basic Settings > System: Set the “Web Configuration” to ”https only”

Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, CVE-2019-16674

Solution for vulnerabilities, valid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, IE-SW-PL09M

After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmüllermüller configuration software named “WM Switch Utility” for Windows OS and to enable an encrypted search service, that will be working with the new “Weidmüllermüller Switch Configuration Utility”. (available soon)

Both services – the encrypted and the unencrypted search service - are enabled by default. To avoid the vulnerabilities referred to in this section the unencrypted search service should be disabled.

The respective web interface menu section for this setting can be reached via the following path:

Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox “Enable Search Service”

Note: After disabling the unencrypted search service the switches can no longer be found or configured with the current “WM Switch Utility”! Web interface settings are not affected by this configuration.

---

Please find below the appropriate patched firmware versions for all affected products.

Product number

Product name

Patched firmware version

1504280000

IE-SW-VL05M-5TX

≥ V3.6.24_Build_19062809

1504310000

IE-SW-VL05MT-5TX

1504330000

IE-SW-VL05M-3TX-2SC

1504350000

IE-SW-VL05MT-3TX-2SC

1504370000

IE-SW-VL05M-3TX-2ST

1504390000

IE-SW-VL05MT-3TX-2ST

1240940000

IE-SW-VL08MT-8TX

≥ V3.5.22_Build_19062810

1240970000

IE-SW-VL08MT-5TX-3SC

1345240000

IE-SW-VL08MT-5TX-1SC-2SCS

1240990000

IE-SW-VL08MT-6TX-2ST

1344770000

IE-SW-VL08MT-6TX-2SC

1241020000

IE-SW-VL08MT-6TX-2SCS

1241040000

IE-SW-PL08M-8TX

≥ V3.3.16_Build_19062811

1286780000

IE-SW-PL08MT-8TX

1241070000

IE-SW-PL08M-6TX-2SC

1286790000

IE-SW-PL08MT-6TX-2SC

1241080000

IE-SW-PL08M-6TX-2ST

1286800000

IE-SW-PL08MT-6TX-2ST

1241090000

IE-SW-PL08M-6TX-2SCS

1286810000

IE-SW-PL08MT-6TX-2SCS

1241290000

IE-SW-PL10M-3GT-7TX

≥ V3.3.24_Build_19062813

1286930000

IE-SW-PL10MT-3GT-7TX

1241300000

IE-SW-PL10M-1GT-2GS-7TX

1286940000

IE-SW-PL10MT-1GT-2GS-7TX

1241100000

IE-SW-PL16M-16TX

≥ V3.4.18_Build_19062814

1286820000

IE-SW-PL16MT-16TX

1241120000

IE-SW-PL16M-14TX-2SC

1286830000

IE-SW-PL16MT-14TX-2SC

1241130000

IE-SW-PL16M-14TX-2ST

1286840000

IE-SW-PL16MT-14TX-2ST

1241320000

IE-SW-PL18M-2GC-16TX

≥ V3.4.30_Build_19062817

1286970000

IE-SW-PL18MT-2GC-16TX

1241330000

IE-SW-PL18M-2GC14TX2SC

1286990000

IE-SW-PL18MT-2GC14TX2SC

1241340000

IE-SW-PL18M-2GC14TX2ST

1287000000

IE-SW-PL18MT-2GC14TX2ST

1241350000

IE-SW-PL18M-2GC14TX2SCS

1287010000

IE-SW-PL18MT-2GC14TX2SCS

1241370000

IE-SW-PL09M-5GC-4GT

≥ V3.3.20_Build_19070111

1287020000

IE-SW-PL09MT-5GC-4GT

For support please contact Weidmüller at www.weidmueller.com/service.

Reported by

Reported by Weidmüller