多款Weidmueller存在未明漏洞


基本信息

时间: 2020-01-08

风险等级: 高

CNVD: CNVD-2020-01005

原地址: https://www.cnvd.org.cn/flaw/show/CNVD-2020-01005


描述
WeidmuellerIE-SW-VL05M-5TX等都是德国Weidmueller公司的一款工业以太网交换机。多款Weidmueller产品中存在安全漏洞,该漏洞源于身份验证机制未能进行暴力破解保护,攻击者可利用该漏洞实施暴力破解攻击。
产品
WeidmuellerIE-SW-PL18MT-2GC14TX2ST<=3.4.4Build16102416WeidmuellerIE-SW-PL18M-2GC14TX2SCS<=3.4.4Build16102416WeidmuellerIE-SW-PL18MT-2GC14TX2SCS<=3.4.4Build16102416WeidmuellerIE-SW-PL09M-5GC-4GT<=3.3.4Build16102416WeidmuellerIE-SW-PL09MT-5GC-4GT<=3.3.4Build16102416WeidmuellerIE-SW-PL08MT-8TX<=3.3.8Build16102416WeidmuellerIE-SW-PL08M-6TX-2SC<=3.3.8Build16102416WeidmuellerIE-SW-PL08MT-6TX-2SC<=3.3.8Build16102416WeidmuellerIE-SW-PL08M-6TX-2ST<=3.3.8Build16102416WeidmuellerIE-SW-PL08MT-6TX-2ST<=3.3.8Build16102416WeidmuellerIE-SW-PL08M-6TX-2SCS<=3.3.8Build16102416WeidmuellerIE-SW-PL08MT-6TX-2SCS<=3.3.8Build16102416WeidmuellerIE-SW-PL10M-3GT-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL10MT-3GT-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL10M-1GT-2GS-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL10MT-1GT-2GS-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL16M-16TX<=3.4.2Build16102416WeidmuellerIE-SW-PL16MT-16TX<=3.4.2Build16102416WeidmuellerIE-SW-PL16M-14TX-2SC<=3.4.2Build16102416WeidmuellerIE-SW-PL16MT-14TX-2SC<=3.4.2Build16102416WeidmuellerIE-SW-PL16M-14TX-2ST<=3.4.2Build16102416WeidmuellerIE-SW-PL16MT-14TX-2ST<=3.4.2Build16102416WeidmuellerIE-SW-PL18M-2GC-16TX<=3.4.4Build16102416WeidmuellerIE-SW-PL18MT-2GC-16TX<=3.4.4Build16102416WeidmuellerIE-SW-PL18M-2GC14TX2SC<=3.4.4Build16102416WeidmuellerIE-SW-PL18MT-2GC14TX2SC<=3.4.4Build16102416WeidmuellerIE-SW-PL18M-2GC14TX2ST<=3.4.4Build16102416WeidmuellerIE-SW-PL08M-8TX<=3.3.8Build16102416WeidmuellerIE-SW-VL05M-5TX<=3.6.6Build16102415WeidmuellerIE-SW-VL05MT-5TX<=3.6.6Build16102415WeidmuellerIE-SW-VL05M-3TX-2SC<=3.6.6Build16102415WeidmuellerIE-SW-VL05MT-3TX-2SC<=3.6.6Build16102415WeidmuellerIE-SW-VL05M-3TX-2ST<=3.6.6Build16102415WeidmuellerIE-SW-VL05MT-3TX-2ST<=3.6.6Build16102415WeidmuellerIE-SW-VL08MT-8TX<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-5TX-3SC<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-5TX-1SC-2SCS<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-6TX-2ST<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-6TX-2SC<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-6TX-2SCS<=3.5.2Build16102415
解决方案
厂商已发布了漏洞修复程序,请及时关注更新:https://www.weidmueller.com
CVE
CVE-2019-16670
补丁
多款Weidmueller存在未明漏洞的补丁
来源
https://www.us-cert.gov/ics/advisories/icsa-19-339-02