多款Weidmueller产品信息泄露漏洞(CNVD-2020-01004)


基本信息

时间: 2020-01-08

风险等级: 中

CNVD: CNVD-2020-01004

原地址: https://www.cnvd.org.cn/flaw/show/CNVD-2020-01004


描述
WeidmuellerIE-SW-VL05M-5TX等都是德国Weidmueller公司的一款工业以太网交换机。多款Weidmueller产品中存在信息泄露漏洞,该漏洞源于程序以明文的形式传递敏感的凭证数据。攻击者可利用该漏洞获取凭证数据。
产品
WeidmuellerIE-SW-PL18MT-2GC14TX2ST<=3.4.4Build16102416WeidmuellerIE-SW-PL18M-2GC14TX2SCS<=3.4.4Build16102416WeidmuellerIE-SW-PL18MT-2GC14TX2SCS<=3.4.4Build16102416WeidmuellerIE-SW-PL09M-5GC-4GT<=3.3.4Build16102416WeidmuellerIE-SW-PL09MT-5GC-4GT<=3.3.4Build16102416WeidmuellerIE-SW-PL08MT-8TX<=3.3.8Build16102416WeidmuellerIE-SW-PL08M-6TX-2SC<=3.3.8Build16102416WeidmuellerIE-SW-PL08MT-6TX-2SC<=3.3.8Build16102416WeidmuellerIE-SW-PL08M-6TX-2ST<=3.3.8Build16102416WeidmuellerIE-SW-PL08MT-6TX-2ST<=3.3.8Build16102416WeidmuellerIE-SW-PL08M-6TX-2SCS<=3.3.8Build16102416WeidmuellerIE-SW-PL08MT-6TX-2SCS<=3.3.8Build16102416WeidmuellerIE-SW-PL10M-3GT-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL10MT-3GT-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL10M-1GT-2GS-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL10MT-1GT-2GS-7TX<=3.3.16Build16102416WeidmuellerIE-SW-PL16M-16TX<=3.4.2Build16102416WeidmuellerIE-SW-PL16MT-16TX<=3.4.2Build16102416WeidmuellerIE-SW-PL16M-14TX-2SC<=3.4.2Build16102416WeidmuellerIE-SW-PL16MT-14TX-2SC<=3.4.2Build16102416WeidmuellerIE-SW-PL16M-14TX-2ST<=3.4.2Build16102416WeidmuellerIE-SW-PL16MT-14TX-2ST<=3.4.2Build16102416WeidmuellerIE-SW-PL18M-2GC-16TX<=3.4.4Build16102416WeidmuellerIE-SW-PL18MT-2GC-16TX<=3.4.4Build16102416WeidmuellerIE-SW-PL18M-2GC14TX2SC<=3.4.4Build16102416WeidmuellerIE-SW-PL18MT-2GC14TX2SC<=3.4.4Build16102416WeidmuellerIE-SW-PL18M-2GC14TX2ST<=3.4.4Build16102416WeidmuellerIE-SW-PL08M-8TX<=3.3.8Build16102416WeidmuellerIE-SW-VL05M-5TX<=3.6.6Build16102415WeidmuellerIE-SW-VL05MT-5TX<=3.6.6Build16102415WeidmuellerIE-SW-VL05M-3TX-2SC<=3.6.6Build16102415WeidmuellerIE-SW-VL05MT-3TX-2SC<=3.6.6Build16102415WeidmuellerIE-SW-VL05M-3TX-2ST<=3.6.6Build16102415WeidmuellerIE-SW-VL05MT-3TX-2ST<=3.6.6Build16102415WeidmuellerIE-SW-VL08MT-8TX<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-5TX-3SC<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-5TX-1SC-2SCS<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-6TX-2ST<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-6TX-2SC<=3.5.2Build16102415WeidmuellerIE-SW-VL08MT-6TX-2SCS<=3.5.2Build16102415
解决方案
厂商已发布了漏洞修复程序,请及时关注更新:https://www.weidmueller.com
CVE
CVE-2019-16672
补丁
多款Weidmueller产品信息泄露漏洞(CNVD-2020-01004)的补丁
来源
https://www.us-cert.gov/ics/advisories/icsa-19-339-02