MidnightBSD

Advisories for weidmueller

CVE-2019-16670 HIGH

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,

Products Affected

Vendor Product Version
weidmueller ie-sw-pl18m-2gc-16tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2st_firmware *
weidmueller ie-sw-pl08m-6tx-2scs_firmware *
weidmueller ie-sw-pl08m-6tx-2sc_firmware *
weidmueller ie-sw-pl10mt-3gt-7tx_firmware *
weidmueller ie-sw-pl18m-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-8tx_firmware *
weidmueller ie-sw-pl08mt-6tx-2scs_firmware *
weidmueller ie-sw-pl09mt-5gc-4gt_firmware *
weidmueller ie-sw-pl18m-2gc14tx2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-6tx-2st_firmware *
weidmueller ie-sw-pl10m-3gt-7tx_firmware *
weidmueller ie-sw-pl18mt-2gc-16tx_firmware *
weidmueller ie-sw-pl16m-16tx_firmware *
weidmueller ie-sw-pl16m-14tx-2sc_firmware *
weidmueller ie-sw-vl05m-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2scs_firmware *
weidmueller ie-sw-vl05m-3tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2st_firmware *
weidmueller ie-sw-pl18m-2gc14tx2scs_firmware *
weidmueller ie-sw-pl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl08mt-6tx-2st_firmware *
weidmueller ie-sw-vl08mt-5tx-1sc-2scs_firmware *
weidmueller ie-sw-pl08mt-8tx_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2sc_firmware *
weidmueller ie-sw-pl09m-5gc-4gt_firmware *
weidmueller ie-sw-vl05mt-3tx-2st_firmware *
weidmueller ie-sw-vl08mt-8tx_firmware *
weidmueller ie-sw-vl05m-3tx-2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2scs_firmware *
weidmueller ie-sw-pl16mt-16tx_firmware *
weidmueller ie-sw-vl05mt-3tx-2sc_firmware *
weidmueller ie-sw-pl10mt-1gt-2gs-7tx_firmware *
weidmueller ie-sw-pl16m-14tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2sc_firmware *
weidmueller ie-sw-vl08mt-5tx-3sc_firmware *
weidmueller ie-sw-vl05mt-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl10m-1gt-2gs-7tx_firmware *
CVE-2019-16671 MEDIUM

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
weidmueller ie-sw-pl18m-2gc-16tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2st_firmware *
weidmueller ie-sw-pl08m-6tx-2scs_firmware *
weidmueller ie-sw-pl08m-6tx-2sc_firmware *
weidmueller ie-sw-pl10mt-3gt-7tx_firmware *
weidmueller ie-sw-pl18m-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-8tx_firmware *
weidmueller ie-sw-pl08mt-6tx-2scs_firmware *
weidmueller ie-sw-pl09mt-5gc-4gt_firmware *
weidmueller ie-sw-pl18m-2gc14tx2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-6tx-2st_firmware *
weidmueller ie-sw-pl10m-3gt-7tx_firmware *
weidmueller ie-sw-pl18mt-2gc-16tx_firmware *
weidmueller ie-sw-pl16m-16tx_firmware *
weidmueller ie-sw-pl16m-14tx-2sc_firmware *
weidmueller ie-sw-vl05m-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2scs_firmware *
weidmueller ie-sw-vl05m-3tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2st_firmware *
weidmueller ie-sw-pl18m-2gc14tx2scs_firmware *
weidmueller ie-sw-pl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl08mt-6tx-2st_firmware *
weidmueller ie-sw-vl08mt-5tx-1sc-2scs_firmware *
weidmueller ie-sw-pl08mt-8tx_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2sc_firmware *
weidmueller ie-sw-pl09m-5gc-4gt_firmware *
weidmueller ie-sw-vl05mt-3tx-2st_firmware *
weidmueller ie-sw-vl08mt-8tx_firmware *
weidmueller ie-sw-vl05m-3tx-2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2scs_firmware *
weidmueller ie-sw-pl16mt-16tx_firmware *
weidmueller ie-sw-vl05mt-3tx-2sc_firmware *
weidmueller ie-sw-pl10mt-1gt-2gs-7tx_firmware *
weidmueller ie-sw-pl16m-14tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2sc_firmware *
weidmueller ie-sw-vl08mt-5tx-3sc_firmware *
weidmueller ie-sw-vl05mt-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl10m-1gt-2gs-7tx_firmware *
CVE-2019-16672 MEDIUM

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-522,

Products Affected

Vendor Product Version
weidmueller ie-sw-pl18m-2gc-16tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2st_firmware *
weidmueller ie-sw-pl08m-6tx-2scs_firmware *
weidmueller ie-sw-pl08m-6tx-2sc_firmware *
weidmueller ie-sw-pl10mt-3gt-7tx_firmware *
weidmueller ie-sw-pl18m-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-8tx_firmware *
weidmueller ie-sw-pl08mt-6tx-2scs_firmware *
weidmueller ie-sw-pl09mt-5gc-4gt_firmware *
weidmueller ie-sw-pl18m-2gc14tx2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-6tx-2st_firmware *
weidmueller ie-sw-pl10m-3gt-7tx_firmware *
weidmueller ie-sw-pl18mt-2gc-16tx_firmware *
weidmueller ie-sw-pl16m-16tx_firmware *
weidmueller ie-sw-pl16m-14tx-2sc_firmware *
weidmueller ie-sw-vl05m-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2scs_firmware *
weidmueller ie-sw-vl05m-3tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2st_firmware *
weidmueller ie-sw-pl18m-2gc14tx2scs_firmware *
weidmueller ie-sw-pl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl08mt-6tx-2st_firmware *
weidmueller ie-sw-vl08mt-5tx-1sc-2scs_firmware *
weidmueller ie-sw-pl08mt-8tx_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2sc_firmware *
weidmueller ie-sw-pl09m-5gc-4gt_firmware *
weidmueller ie-sw-vl05mt-3tx-2st_firmware *
weidmueller ie-sw-vl08mt-8tx_firmware *
weidmueller ie-sw-vl05m-3tx-2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2scs_firmware *
weidmueller ie-sw-pl16mt-16tx_firmware *
weidmueller ie-sw-vl05mt-3tx-2sc_firmware *
weidmueller ie-sw-pl10mt-1gt-2gs-7tx_firmware *
weidmueller ie-sw-pl16m-14tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2sc_firmware *
weidmueller ie-sw-vl08mt-5tx-3sc_firmware *
weidmueller ie-sw-vl05mt-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl10m-1gt-2gs-7tx_firmware *
CVE-2019-16673 MEDIUM

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
weidmueller ie-sw-pl18m-2gc-16tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2st_firmware *
weidmueller ie-sw-pl08m-6tx-2scs_firmware *
weidmueller ie-sw-pl08m-6tx-2sc_firmware *
weidmueller ie-sw-pl10mt-3gt-7tx_firmware *
weidmueller ie-sw-pl18m-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-8tx_firmware *
weidmueller ie-sw-pl08mt-6tx-2scs_firmware *
weidmueller ie-sw-pl09mt-5gc-4gt_firmware *
weidmueller ie-sw-pl18m-2gc14tx2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-6tx-2st_firmware *
weidmueller ie-sw-pl10m-3gt-7tx_firmware *
weidmueller ie-sw-pl18mt-2gc-16tx_firmware *
weidmueller ie-sw-pl16m-16tx_firmware *
weidmueller ie-sw-pl16m-14tx-2sc_firmware *
weidmueller ie-sw-vl05m-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2scs_firmware *
weidmueller ie-sw-vl05m-3tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2st_firmware *
weidmueller ie-sw-pl18m-2gc14tx2scs_firmware *
weidmueller ie-sw-pl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl08mt-6tx-2st_firmware *
weidmueller ie-sw-vl08mt-5tx-1sc-2scs_firmware *
weidmueller ie-sw-pl08mt-8tx_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2sc_firmware *
weidmueller ie-sw-pl09m-5gc-4gt_firmware *
weidmueller ie-sw-vl05mt-3tx-2st_firmware *
weidmueller ie-sw-vl08mt-8tx_firmware *
weidmueller ie-sw-vl05m-3tx-2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2scs_firmware *
weidmueller ie-sw-pl16mt-16tx_firmware *
weidmueller ie-sw-vl05mt-3tx-2sc_firmware *
weidmueller ie-sw-pl10mt-1gt-2gs-7tx_firmware *
weidmueller ie-sw-pl16m-14tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2sc_firmware *
weidmueller ie-sw-vl08mt-5tx-3sc_firmware *
weidmueller ie-sw-vl05mt-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl10m-1gt-2gs-7tx_firmware *
CVE-2019-16674 MEDIUM

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
weidmueller ie-sw-pl18m-2gc-16tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2st_firmware *
weidmueller ie-sw-pl08m-6tx-2scs_firmware *
weidmueller ie-sw-pl08m-6tx-2sc_firmware *
weidmueller ie-sw-pl10mt-3gt-7tx_firmware *
weidmueller ie-sw-pl18m-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-8tx_firmware *
weidmueller ie-sw-pl08mt-6tx-2scs_firmware *
weidmueller ie-sw-pl09mt-5gc-4gt_firmware *
weidmueller ie-sw-pl18m-2gc14tx2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2st_firmware *
weidmueller ie-sw-pl08m-6tx-2st_firmware *
weidmueller ie-sw-pl10m-3gt-7tx_firmware *
weidmueller ie-sw-pl18mt-2gc-16tx_firmware *
weidmueller ie-sw-pl16m-16tx_firmware *
weidmueller ie-sw-pl16m-14tx-2sc_firmware *
weidmueller ie-sw-vl05m-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2scs_firmware *
weidmueller ie-sw-vl05m-3tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2st_firmware *
weidmueller ie-sw-pl18m-2gc14tx2scs_firmware *
weidmueller ie-sw-pl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl08mt-6tx-2st_firmware *
weidmueller ie-sw-vl08mt-5tx-1sc-2scs_firmware *
weidmueller ie-sw-pl08mt-8tx_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2sc_firmware *
weidmueller ie-sw-pl09m-5gc-4gt_firmware *
weidmueller ie-sw-vl05mt-3tx-2st_firmware *
weidmueller ie-sw-vl08mt-8tx_firmware *
weidmueller ie-sw-vl05m-3tx-2sc_firmware *
weidmueller ie-sw-pl18mt-2gc14tx2scs_firmware *
weidmueller ie-sw-pl16mt-16tx_firmware *
weidmueller ie-sw-vl05mt-3tx-2sc_firmware *
weidmueller ie-sw-pl10mt-1gt-2gs-7tx_firmware *
weidmueller ie-sw-pl16m-14tx-2st_firmware *
weidmueller ie-sw-pl16mt-14tx-2sc_firmware *
weidmueller ie-sw-vl08mt-5tx-3sc_firmware *
weidmueller ie-sw-vl05mt-5tx_firmware *
weidmueller ie-sw-vl08mt-6tx-2sc_firmware *
weidmueller ie-sw-pl10m-1gt-2gs-7tx_firmware *
CVE-2020-12525 MEDIUM

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
wago dtminspector_3 -
emerson rosemount_transmitter_interface_software -
pepperl-fuchs pactware *
weidmueller wi_manager *
wago fdtcontainer_application *
pepperl-fuchs io-link_master_firmware *
wago fdtcontainer_component *
CVE-2021-20999 HIGH

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-668,NVD-CWE-Other,

Products Affected

Vendor Product Version
weidmueller iot-gw30-4g-eu_firmware 1.11.0
weidmueller uc20-wl2000-iot_firmware 1.11.0
weidmueller uc20-wl2000-ac_firmware 1.12.1
weidmueller iot-gw30_firmware 1.12.1
weidmueller uc20-wl2000-iot_firmware *
weidmueller iot-gw30_firmware *
weidmueller iot-gw30-4g-eu_firmware *
weidmueller iot-gw30_firmware 1.11.0
weidmueller uc20-wl2000-ac_firmware *
weidmueller uc20-wl2000-ac_firmware 1.11.0
weidmueller uc20-wl2000-iot_firmware 1.12.1
weidmueller iot-gw30-4g-eu_firmware 1.12.1
CVE-2021-33528 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-710,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33529 MEDIUM

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33530 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33531 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33532 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33533 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33534 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
info@cert.vde.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33535 MEDIUM

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33536 MEDIUM

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33537 MEDIUM

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33538 HIGH

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,NVD-CWE-Other,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2021-33539 MEDIUM

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
weidmueller ie-wl-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-us_firmware *
weidmueller ie-wlt-bl-ap-cl-eu_firmware *
weidmueller ie-wl-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-bl-ap-cl-us_firmware *
weidmueller ie-wlt-vl-ap-br-cl-eu_firmware *
weidmueller ie-wlt-vl-ap-br-cl-us_firmware *
weidmueller ie-wl-bl-ap-cl-us_firmware *
CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.

Products Affected

Vendor Product Version
weidmueller iot-gw30_firmware *
weidmueller iot-gw30-4g-eu_firmware *
weidmueller uc20-wl2000-ac_firmware *
weidmueller fp_iot_md01_lan_s2_00000_firmware -
weidmueller fp_iot_md01_4eu_s2_00000_firmware -
weidmueller fp_iot_md01_lan_s2_00011_firmware -
weidmueller fp_iot_md02_4eu_s3_00000_firmware -
weidmueller uc20-wl2000-iot_firmware *
weidmueller 19_iot_md01_lan_h4_s0011_firmware -