CVE-2019-16670
high-risk
Published 2019-12-06
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
Do I need to act?
-
0.58% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Ie-Sw-Pl09M-5Gc-4Gt Firmware
Ie-Sw-Pl09Mt-5Gc-4Gt Firmware
Ie-Sw-Pl18M-2Gc-16Tx Firmware
Ie-Sw-Pl18Mt-2Gc-16Tx Firmware
Ie-Sw-Pl18M-2Gc14Tx2Sc Firmware
Ie-Sw-Pl18Mt-2Gc14Tx2Sc Firmware
Ie-Sw-Pl18M-2Gc14Tx2St Firmware
Ie-Sw-Pl18Mt-2Gc14Tx2St Firmware
Ie-Sw-Pl18M-2Gc14Tx2Scs Firmware
Ie-Sw-Pl18Mt-2Gc14Tx2Scs Firmware
Ie-Sw-Pl16M-16Tx Firmware
Ie-Sw-Pl16Mt-16Tx Firmware
Ie-Sw-Pl16M-14Tx-2Sc Firmware
Ie-Sw-Pl16Mt-14Tx-2Sc Firmware
Ie-Sw-Pl16M-14Tx-2St Firmware
Ie-Sw-Pl16Mt-14Tx-2St Firmware
Ie-Sw-Vl05M-5Tx Firmware
Ie-Sw-Vl05Mt-5Tx Firmware
Ie-Sw-Vl05M-3Tx-2Sc Firmware
Ie-Sw-Vl05Mt-3Tx-2Sc Firmware
Affected Vendors
References (8)
Third Party Advisory
https://cert.vde.com/en-us/advisories
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2019-018
Vendor Advisory
https://mdcop.weidmueller.com/mediadelivery/asset/900_102694
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-339-02
Third Party Advisory
https://cert.vde.com/en-us/advisories
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2019-018
Vendor Advisory
https://mdcop.weidmueller.com/mediadelivery/asset/900_102694
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-339-02
58
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
24/34 · High