Weidmueller Industrial Ethernet Switches Denial-of-Service Vulnerability in Web Server Functionality

Vulnerability

A denial-of-service vulnerability has been identified in the web server functionality of certain Weidmueller industrial Ethernet switches. This vulnerability allows an unauthenticated remote attacker to cause the web server to crash or become unresponsive by sending a specially crafted HTTP request with a malicious header. The affected products include the E-SW-VL08MT-8TX, IE-SW-PL10M-3GT-7TX, IE-SW-PL10MT-3GT-7TX, IE-SW-PL16M-16TX, IE-SW-PL16MT-16TX, IE-SW-PL18M-2GC-16TX, IE-SW-PL18MT-2GC-16TX, IE-SW-VL05M-5TX, IE-SW-VL05MT-5TX, IE-SW-VL08MT-5TX-1SC-2SCS, IE-SW-VL08MT-6TX-2SC, IE-SW-VL08MT-6TX-2SCS, and IE-SW-VL08MT-6TX-2ST, all prior to specific versions.

Impact

Exploitation of this vulnerability can lead to the device's web server crashing or becoming unresponsive, causing a denial-of-service condition.

Remediation

Users are advised to update to the latest version as listed in the Weidmueller advisory VDE-2025-044. General recommendations include minimizing network exposure of the products and limiting access to trusted networks.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.