CVE-2019-16671

high-risk

Published 2019-12-06

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.

Do I need to act?

1.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Ie-Sw-Pl09M-5Gc-4Gt Firmware

Ie-Sw-Pl09Mt-5Gc-4Gt Firmware

Ie-Sw-Pl18M-2Gc-16Tx Firmware

Ie-Sw-Pl18Mt-2Gc-16Tx Firmware

Ie-Sw-Pl18M-2Gc14Tx2Sc Firmware

Ie-Sw-Pl18Mt-2Gc14Tx2Sc Firmware

Ie-Sw-Pl18M-2Gc14Tx2St Firmware

Ie-Sw-Pl18Mt-2Gc14Tx2St Firmware

Ie-Sw-Pl18M-2Gc14Tx2Scs Firmware

Ie-Sw-Pl18Mt-2Gc14Tx2Scs Firmware

Ie-Sw-Pl16M-16Tx Firmware

Ie-Sw-Pl16Mt-16Tx Firmware

Ie-Sw-Pl16M-14Tx-2Sc Firmware

Ie-Sw-Pl16Mt-14Tx-2Sc Firmware

Ie-Sw-Pl16M-14Tx-2St Firmware

Ie-Sw-Pl16Mt-14Tx-2St Firmware

Ie-Sw-Vl05M-5Tx Firmware

Ie-Sw-Vl05Mt-5Tx Firmware

Ie-Sw-Vl05M-3Tx-2Sc Firmware

Ie-Sw-Vl05Mt-3Tx-2Sc Firmware

Affected Vendors

Weidmueller

References (8)

Third Party Advisory https://cert.vde.com/en-us/advisories

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2019-018

Vendor Advisory https://mdcop.weidmueller.com/mediadelivery/asset/900_102694

Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-19-339-02

Third Party Advisory https://cert.vde.com/en-us/advisories

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2019-018

Vendor Advisory https://mdcop.weidmueller.com/mediadelivery/asset/900_102694

Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-19-339-02

/ 100

high-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 24/34 · High