Weidmueller Industrial Ethernet Switches Missing Authentication Vulnerability Allowing Arbitrary Command Execution
Vulnerability
A vulnerability exists in Weidmueller industrial Ethernet switches due to inadequate authentication on a critical function. This flaw enables unauthenticated remote attackers to execute arbitrary commands, potentially leading to unauthorized uploading or downloading of configuration files and full system compromise. The vulnerability affects several switch models running versions prior to 3.5.36, 3.3.34, 3.4.32, and 3.4.40.
Impact
Exploitation of this vulnerability could result in unauthorized command execution, allowing attackers to manipulate the device's functionality or configuration. Such actions could lead to a complete compromise of the affected system.
Remediation
Users are advised to update to the latest firmware versions. Weidmueller has released patches for all affected products. Consult the Weidmueller advisory VDE-2025-044 for specific update instructions.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.