CVE-2019-16670
📋 TL;DR
This vulnerability allows attackers to perform unlimited password-guessing attempts against Weidmueller industrial network switches because the devices lack brute-force protection. An attacker who guesses the credentials gains administrative access to these critical infrastructure devices, potentially compromising the industrial control systems behind them. Organizations using affected Weidmueller IE-SW series switches are at risk.
💻 Affected Systems
- Weidmueller IE-SW-VL05M
- Weidmueller IE-SW-VL08MT
- Weidmueller IE-SW-PL10M
📦 What is this software?
Ie Sw Pl08m 6tx 2scs Firmware by Weidmueller
Ie Sw Pl08mt 6tx 2sc Firmware by Weidmueller
Ie Sw Pl08mt 6tx 2scs Firmware by Weidmueller
Ie Sw Pl08mt 6tx 2st Firmware by Weidmueller
Ie Sw Pl09mt 5gc 4gt Firmware by Weidmueller
Ie Sw Pl10m 1gt 2gs 7tx Firmware by Weidmueller
Ie Sw Pl10mt 1gt 2gs 7tx Firmware by Weidmueller
Ie Sw Pl10mt 3gt 7tx Firmware by Weidmueller
Ie Sw Pl16m 14tx 2sc Firmware by Weidmueller
Ie Sw Pl16m 14tx 2st Firmware by Weidmueller
Ie Sw Pl16mt 14tx 2sc Firmware by Weidmueller
Ie Sw Pl16mt 14tx 2st Firmware by Weidmueller
Ie Sw Pl18m 2gc 16tx Firmware by Weidmueller
Ie Sw Pl18m 2gc14tx2sc Firmware by Weidmueller
Ie Sw Pl18m 2gc14tx2scs Firmware by Weidmueller
Ie Sw Pl18m 2gc14tx2st Firmware by Weidmueller
Ie Sw Pl18mt 2gc 16tx Firmware by Weidmueller
Ie Sw Pl18mt 2gc14tx2sc Firmware by Weidmueller
Ie Sw Pl18mt 2gc14tx2scs Firmware by Weidmueller
Ie Sw Pl18mt 2gc14tx2st Firmware by Weidmueller
Ie Sw Vl05mt 3tx 2sc Firmware by Weidmueller
Ie Sw Vl05mt 3tx 2st Firmware by Weidmueller
Ie Sw Vl08mt 5tx 1sc 2scs Firmware by Weidmueller
Ie Sw Vl08mt 5tx 3sc Firmware by Weidmueller
Ie Sw Vl08mt 6tx 2sc Firmware by Weidmueller
Ie Sw Vl08mt 6tx 2scs Firmware by Weidmueller
Ie Sw Vl08mt 6tx 2st Firmware by Weidmueller
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial network switches leading to disruption of critical infrastructure operations, data exfiltration, or manipulation of industrial processes.
Likely Case
Unauthorized administrative access to network switches enabling network reconnaissance, traffic interception, or lateral movement within industrial networks.
If Mitigated
Limited impact with proper network segmentation, strong passwords, and monitoring for authentication attempts.
🎯 Exploit Status
Exploitation requires only standard HTTP requests to the web interface with no special tools. Attackers can use common brute-force tools like Hydra or Burp Suite.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Weidmueller for updated firmware versions
Vendor Advisory: https://cert.vde.com/en-us/advisories/vde-2019-018
Restart Required: Yes
Instructions:
1. Contact Weidmueller support for updated firmware.
2. Back up the current configuration.
3. Upload the new firmware via the web interface or console.
4. Reboot the device.
5. Restore the configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
Isolate affected switches in dedicated VLANs with strict firewall rules limiting access to management interfaces.
Strong Password Enforcement
Implement complex passwords (14+ characters, mixed case, numbers, symbols) to increase brute-force difficulty.
🧯 If You Can't Patch
- Implement network-based rate limiting using firewalls or IPS to block excessive authentication attempts
- Deploy network monitoring with alerts for multiple failed login attempts from single sources
🔍 How to Verify
Check if Vulnerable:
Check the device firmware version via the web interface (System > Device Information) or console, and compare it against the affected builds listed in the advisory.
Check Version:
Via web interface or console: show version
Verify Fix Applied:
After patching, verify firmware version is updated and test that rapid authentication attempts trigger account lockout or delay mechanisms.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts from single IP address
- Successful login after many failed attempts
- Authentication logs showing no account lockouts
Network Indicators:
- High volume of HTTP POST requests to login endpoints
- Traffic patterns showing systematic password guessing
SIEM Query:
source="switch_logs" AND (event_type="authentication_failure" COUNT BY src_ip OVER 5m > 10)
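The following is an added example, not part of this advisory page or any vendor tooling: it implements the same detection logic as the SIEM query above (more than 10 authentication failures from one source within a 5-minute window) over constructed log lines, and additionally raises the "successful login after many failed attempts" indicator. The log line format and field names are assumptions chosen for the example; adapt the regex to the switch's actual syslog output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                 # failures allowed per source within the window
WINDOW = timedelta(minutes=5)  # sliding window, matching the SIEM query's OVER 5m

# Assumed log format: "<ISO timestamp> <event_type> src_ip=<address>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>authentication_failure|authentication_success) src_ip=(?P<ip>\S+)$"
)

def parse(line):
    """Return (timestamp, event_type, src_ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["event"], m["ip"]

def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Scan time-ordered log lines and return alerts as tuples:
    ("burst", ip, ts) when failures from ip within the window exceed threshold,
    ("success_after_failures", ip, ts, n) when a login succeeds after n recent failures."""
    failures = defaultdict(deque)  # src_ip -> timestamps of failures still inside the window
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, event, ip = parsed
        q = failures[ip]
        while q and ts - q[0] > window:   # drop failures that have aged out of the window
            q.popleft()
        if event == "authentication_failure":
            q.append(ts)
            if len(q) == threshold + 1:   # alert once, exactly when the count crosses the threshold
                alerts.append(("burst", ip, ts))
        else:
            if q:                          # a success preceded by recent failures is the stronger signal
                alerts.append(("success_after_failures", ip, ts, len(q)))
            q.clear()
    return alerts

# Constructed sample logs: one stale failure outside the window, a 12-attempt burst
# followed by a success from 10.0.0.5, and two benign failures from 10.0.0.9.
SAMPLE_LOGS = (
    ["2019-12-05T11:50:00 authentication_failure src_ip=10.0.0.5"]
    + [f"2019-12-05T12:00:{s:02d} authentication_failure src_ip=10.0.0.5" for s in range(12)]
    + ["2019-12-05T12:00:03 authentication_failure src_ip=10.0.0.9",
       "2019-12-05T12:00:04 authentication_failure src_ip=10.0.0.9",
       "2019-12-05T12:00:15 authentication_success src_ip=10.0.0.5"]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

The stale 11:50:00 entry is pruned before the burst is counted, so the window logic, not a raw total, decides when 10.0.0.5 crosses the threshold.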
🔗 References
- https://cert.vde.com/en-us/advisories
- https://cert.vde.com/en-us/advisories/vde-2019-018
- https://mdcop.weidmueller.com/mediadelivery/asset/900_102694
- https://www.us-cert.gov/ics/advisories/icsa-19-339-02