CVE-2019-16674
First published: Fri Dec 06 2019(Updated: )
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Weidmueller Ie-sw-pl09m-5gc-4gt | <=3.3.4 | |
| Weidmueller Ie-sw-pl09m-5gc-4gt Firmware | ||
| Weidmueller Ie-sw-pl09mt-5gc-4gt | <=3.3.4 | |
| Weidmueller Ie-sw-pl09m-5gc-4gt | ||
| Weidmueller Ie-sw-pl18m-2gc-16tx | <=3.4.4 | |
| Weidmueller Ie-sw-pl18m-2gc-16tx Firmware | ||
| Weidmueller Ie-sw-pl18mt-2gc-16tx | <=3.4.4 | |
| Weidmueller Ie-sw-pl18mt-2gc-16tx Firmware | ||
| Weidmueller Ie-sw-pl18m-2gc14tx2sc Firmware | <=3.4.4 | |
| Weidmueller Ie-sw-pl18m-2gc14tx2sc Firmware | ||
| Weidmueller Ie-sw-pl18mt-2gc14tx2scs Firmware | <=3.4.4 | |
| Weidmueller Ie-sw-pl18mt-2gc14tx2sc Firmware | ||
| Weidmueller Ie-sw-pl18mt-2gc14tx2st Firmware | <=3.4.4 | |
| Weidmueller Ie-sw-pl18m-2gc14tx2st Firmware | ||
| Weidmueller Ie-sw-pl18mt-2gc14tx2st Firmware | <=3.4.4 | |
| Weidmueller Ie-sw-pl18mt-2gc14tx2st Firmware | ||
| Weidmueller Ie-sw-pl18mt-2gc14tx2scs | <=3.4.4 | |
| Weidmueller Ie-sw-pl18mt-2gc14tx2scs | ||
| Weidmueller Ie-sw-pl18mt-2gc14tx2scs | <=3.4.4 | |
| Weidmueller Ie-sw-pl18mt-2gc14tx2scs Firmware | ||
| Weidmueller Ie-sw-pl16mt-16tx Firmware | <=3.4.2 | |
| Weidmueller Ie-sw-pl16m-16tx Firmware | ||
| Weidmueller Ie-sw-pl16mt-16tx | <=3.4.2 | |
| Weidmueller Ie-sw-pl16mt-16tx Firmware | ||
| Weidmueller Ie-sw-pl16m-14tx-2sc Firmware | <=3.4.2 | |
| Weidmueller Ie-sw-pl16m-14tx-2sc Firmware | ||
| Weidmueller Ie-sw-pl16mt-14tx-2sc Firmware | <=3.4.2 | |
| Weidmueller Ie-sw-pl16mt-14tx-2sc Firmware | ||
| Weidmueller Ie-sw-pl16mt-14tx-2st | <=3.4.2 | |
| Weidmueller Ie-sw-pl16m-14tx-2st Firmware | ||
| Weidmueller Ie-sw-pl16mt-14tx-2st | <=3.4.2 | |
| Weidmueller Ie-sw-pl16mt-14tx-2st Firmware | ||
| Weidmueller Ie-sw-vl05m-5tx | <=3.6.6 | |
| Weidmueller Ie-sw-vl05m-5tx Firmware | ||
| Weidmueller Ie-sw-vl05mt-5tx | <=3.6.6 | |
| Weidmueller Ie-sw-vl05mt-5tx Firmware | ||
| Weidmueller Ie-sw-vl05m-3tx-2sc | <=3.6.6 | |
| Weidmueller Ie-sw-vl05m-3tx-2sc Firmware | ||
| Weidmueller Ie-sw-vl05mt-3tx-2sc Firmware | <=3.6.6 | |
| Weidmueller Ie-sw-vl05mt-3tx-2sc Firmware | ||
| Weidmueller Ie-sw-vl05mt-3tx-2st | <=3.6.6 | |
| Weidmueller Ie-sw-vl05m-3tx-2st Firmware | ||
| Weidmueller Ie-sw-vl05mt-3tx-2st | <=3.6.6 | |
| Weidmueller Ie-sw-vl05mt-3tx-2st Firmware | ||
| Weidmueller Ie-sw-vl08mt Firmware | <=3.5.2 | |
| Weidmueller Ie-sw-vl08mt-8tx Firmware | ||
| Weidmueller Ie-sw-vl08mt-5tx-3sc | <=3.5.2 | |
| Weidmueller IE-SW-VL08MT-5TX-3SC Firmware | ||
| Weidmueller IE-SW-VL08MT-5TX-1SC | <=3.5.2 | |
| Weidmueller IE-SW-VL08MT-5TX-1SC | ||
| Weidmueller Ie-sw-vl08mt-6tx-2st | <=3.5.2 | |
| Weidmueller Ie-sw-vl08mt-6tx-2st Firmware | ||
| Weidmueller Ie-sw-vl08mt-6tx-2sc | <=3.5.2 | |
| Weidmueller Ie-sw-vl08mt-6tx-2sc Firmware | ||
| Weidmueller Ie-sw-vl08mt-6tx-2scs Firmware | <=3.5.2 | |
| Weidmueller Ie-sw-vl08mt-6tx-2scs Firmware | ||
| Weidmueller Ie-sw-pl08m-8tx | <=3.3.8 | |
| Weidmueller Ie-sw-pl08m-8tx | ||
| Weidmueller Ie-sw-pl08mt-8tx | <=3.3.8 | |
| Weidmueller Ie-sw-pl08mt-8tx Firmware | ||
| Weidmueller Ie-sw-pl08m-6tx-2scs Firmware | <=3.3.8 | |
| Weidmueller Ie-sw-pl08m-6tx-2sc Firmware | ||
| Weidmueller Ie-sw-pl08mt-6tx-2sc Firmware | <=3.3.8 | |
| Weidmueller Ie-sw-pl08mt-6tx-2sc Firmware | ||
| Weidmueller Ie-sw-pl08m-6tx-2st | <=3.3.8 | |
| Weidmueller Ie-sw-pl08m-6tx-2st Firmware | ||
| Weidmueller Ie-sw-pl08mt-6tx-2st | <=3.3.8 | |
| Weidmueller Ie-sw-pl08mt-6tx-2st Firmware | ||
| Weidmueller Ie-sw-pl08m-6tx-2st | <=3.3.8 | |
| Weidmueller Ie-sw-pl08m-6tx-2scs Firmware | ||
| Weidmueller Ie-sw-pl08mt-6tx-2scs Firmware | <=3.3.8 | |
| Weidmueller Ie-sw-pl08mt-6tx-2scs Firmware | ||
| Weidmueller IE-SW-PL10MT-3GT-7TX | <=3.3.16 | |
| Weidmueller Ie-sw-pl10m-3gt-7tx Firmware | ||
| Weidmueller IE-SW-PL10MT-3GT-7TX | <=3.3.16 | |
| Weidmueller IE-SW-PL10MT-3GT-7TX | ||
| Weidmueller IE-SW-PL10M-1GT-2GS-7TX | <=3.3.16 | |
| Weidmueller IE-SW-PL10M-1GT-2GS-7TX Firmware | ||
| Weidmueller IE-SW-PL10MT-1GT-2GS-7TX | <=3.3.16 | |
| Weidmueller IE-SW-PL10M-1GT-2GS-7TX |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-16674?
CVE-2019-16674 has been classified with high severity due to its potential for admin password compromise.
How do I fix CVE-2019-16674?
To fix CVE-2019-16674, update the affected Weidmueller devices to the latest firmware version that resolves the predictability in authentication information.
Which devices are affected by CVE-2019-16674?
Devices affected by CVE-2019-16674 include Weidmueller IE-SW-VL05M, IE-SW-VL08MT, and IE-SW-PL10M with specific firmware builds.
What can be exploited due to CVE-2019-16674?
CVE-2019-16674 can be exploited by capturing predictable authentication cookies on the network, leading to unauthorized access.
Is there a workaround for CVE-2019-16674 if an update can't be immediately applied?
A temporary workaround for CVE-2019-16674 includes restricting network access to the affected devices to limit exposure until a firmware update can be applied.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/weidmueller
- canonical/weidmueller ie-sw-pl09m-5gc-4gt
- version/weidmueller ie-sw-pl09m-5gc-4gt/3.3.4
- canonical/weidmueller ie-sw-pl09m-5gc-4gt firmware
- canonical/weidmueller ie-sw-pl09mt-5gc-4gt
- version/weidmueller ie-sw-pl09mt-5gc-4gt/3.3.4
- canonical/weidmueller ie-sw-pl18m-2gc-16tx
- version/weidmueller ie-sw-pl18m-2gc-16tx/3.4.4
- canonical/weidmueller ie-sw-pl18m-2gc-16tx firmware
- canonical/weidmueller ie-sw-pl18mt-2gc-16tx
- version/weidmueller ie-sw-pl18mt-2gc-16tx/3.4.4
- canonical/weidmueller ie-sw-pl18mt-2gc-16tx firmware
- canonical/weidmueller ie-sw-pl18m-2gc14tx2sc firmware
- version/weidmueller ie-sw-pl18m-2gc14tx2sc firmware/3.4.4
- canonical/weidmueller ie-sw-pl18mt-2gc14tx2scs firmware
- version/weidmueller ie-sw-pl18mt-2gc14tx2scs firmware/3.4.4
- canonical/weidmueller ie-sw-pl18mt-2gc14tx2sc firmware
- canonical/weidmueller ie-sw-pl18mt-2gc14tx2st firmware
- version/weidmueller ie-sw-pl18mt-2gc14tx2st firmware/3.4.4
- canonical/weidmueller ie-sw-pl18m-2gc14tx2st firmware
- canonical/weidmueller ie-sw-pl18mt-2gc14tx2scs
- version/weidmueller ie-sw-pl18mt-2gc14tx2scs/3.4.4
- canonical/weidmueller ie-sw-pl16mt-16tx firmware
- version/weidmueller ie-sw-pl16mt-16tx firmware/3.4.2
- canonical/weidmueller ie-sw-pl16m-16tx firmware
- canonical/weidmueller ie-sw-pl16mt-16tx
- version/weidmueller ie-sw-pl16mt-16tx/3.4.2
- canonical/weidmueller ie-sw-pl16m-14tx-2sc firmware
- version/weidmueller ie-sw-pl16m-14tx-2sc firmware/3.4.2
- canonical/weidmueller ie-sw-pl16mt-14tx-2sc firmware
- version/weidmueller ie-sw-pl16mt-14tx-2sc firmware/3.4.2
- canonical/weidmueller ie-sw-pl16mt-14tx-2st
- version/weidmueller ie-sw-pl16mt-14tx-2st/3.4.2
- canonical/weidmueller ie-sw-pl16m-14tx-2st firmware
- canonical/weidmueller ie-sw-pl16mt-14tx-2st firmware
- canonical/weidmueller ie-sw-vl05m-5tx
- version/weidmueller ie-sw-vl05m-5tx/3.6.6
- canonical/weidmueller ie-sw-vl05m-5tx firmware
- canonical/weidmueller ie-sw-vl05mt-5tx
- version/weidmueller ie-sw-vl05mt-5tx/3.6.6
- canonical/weidmueller ie-sw-vl05mt-5tx firmware
- canonical/weidmueller ie-sw-vl05m-3tx-2sc
- version/weidmueller ie-sw-vl05m-3tx-2sc/3.6.6
- canonical/weidmueller ie-sw-vl05m-3tx-2sc firmware
- canonical/weidmueller ie-sw-vl05mt-3tx-2sc firmware
- version/weidmueller ie-sw-vl05mt-3tx-2sc firmware/3.6.6
- canonical/weidmueller ie-sw-vl05mt-3tx-2st
- version/weidmueller ie-sw-vl05mt-3tx-2st/3.6.6
- canonical/weidmueller ie-sw-vl05m-3tx-2st firmware
- canonical/weidmueller ie-sw-vl05mt-3tx-2st firmware
- canonical/weidmueller ie-sw-vl08mt firmware
- version/weidmueller ie-sw-vl08mt firmware/3.5.2
- canonical/weidmueller ie-sw-vl08mt-8tx firmware
- canonical/weidmueller ie-sw-vl08mt-5tx-3sc
- version/weidmueller ie-sw-vl08mt-5tx-3sc/3.5.2
- canonical/weidmueller ie-sw-vl08mt-5tx-3sc firmware
- canonical/weidmueller ie-sw-vl08mt-5tx-1sc
- version/weidmueller ie-sw-vl08mt-5tx-1sc/3.5.2
- canonical/weidmueller ie-sw-vl08mt-6tx-2st
- version/weidmueller ie-sw-vl08mt-6tx-2st/3.5.2
- canonical/weidmueller ie-sw-vl08mt-6tx-2st firmware
- canonical/weidmueller ie-sw-vl08mt-6tx-2sc
- version/weidmueller ie-sw-vl08mt-6tx-2sc/3.5.2
- canonical/weidmueller ie-sw-vl08mt-6tx-2sc firmware
- canonical/weidmueller ie-sw-vl08mt-6tx-2scs firmware
- version/weidmueller ie-sw-vl08mt-6tx-2scs firmware/3.5.2
- canonical/weidmueller ie-sw-pl08m-8tx
- version/weidmueller ie-sw-pl08m-8tx/3.3.8
- canonical/weidmueller ie-sw-pl08mt-8tx
- version/weidmueller ie-sw-pl08mt-8tx/3.3.8
- canonical/weidmueller ie-sw-pl08mt-8tx firmware
- canonical/weidmueller ie-sw-pl08m-6tx-2scs firmware
- version/weidmueller ie-sw-pl08m-6tx-2scs firmware/3.3.8
- canonical/weidmueller ie-sw-pl08m-6tx-2sc firmware
- canonical/weidmueller ie-sw-pl08mt-6tx-2sc firmware
- version/weidmueller ie-sw-pl08mt-6tx-2sc firmware/3.3.8
- canonical/weidmueller ie-sw-pl08m-6tx-2st
- version/weidmueller ie-sw-pl08m-6tx-2st/3.3.8
- canonical/weidmueller ie-sw-pl08m-6tx-2st firmware
- canonical/weidmueller ie-sw-pl08mt-6tx-2st
- version/weidmueller ie-sw-pl08mt-6tx-2st/3.3.8
- canonical/weidmueller ie-sw-pl08mt-6tx-2st firmware
- canonical/weidmueller ie-sw-pl08mt-6tx-2scs firmware
- version/weidmueller ie-sw-pl08mt-6tx-2scs firmware/3.3.8
- canonical/weidmueller ie-sw-pl10mt-3gt-7tx
- version/weidmueller ie-sw-pl10mt-3gt-7tx/3.3.16
- canonical/weidmueller ie-sw-pl10m-3gt-7tx firmware
- canonical/weidmueller ie-sw-pl10m-1gt-2gs-7tx
- version/weidmueller ie-sw-pl10m-1gt-2gs-7tx/3.3.16
- canonical/weidmueller ie-sw-pl10m-1gt-2gs-7tx firmware
- canonical/weidmueller ie-sw-pl10mt-1gt-2gs-7tx
- version/weidmueller ie-sw-pl10mt-1gt-2gs-7tx/3.3.16