Weidmueller Industrial Ethernet Switches Authentication Bypass Vulnerability

A vulnerability allowing authentication bypass has been identified in Weidmueller industrial Ethernet switches. This issue arises from flaws in the authorization mechanism, enabling unauthenticated remote attackers to perform brute-force attacks to guess valid credentials or use MD5 collision techniques to forge authentication hashes, potentially compromising the device. Affected products include the E-SW-VL08MT-8TX, IE-SW-PL10M-3GT-7TX, IE-SW-PL10MT-3GT-7TX, IE-SW-PL16M-16TX, IE-SW-PL16MT-16TX, IE-SW-PL18M-2GC-16TX, IE-SW-PL18MT-2GC-16TX, IE-SW-VL05M-5TX, IE-SW-VL05MT-5TX, IE-SW-VL08MT-5TX-1SC-2SCS, IE-SW-VL08MT-6TX-2SC, IE-SW-VL08MT-6TX-2SCS, and IE-SW-VL08MT-6TX-2ST, all running versions prior to the respective fixed versions.

Impact

Exploitation of this vulnerability could lead to unauthorized access and control over the affected device.

Remediation

Users are advised to update to the latest firmware version. Weidmueller has released firmware updates for all affected products. Consult the Weidmueller website or contact their support for guidance on the update process.