Login Sign Up

CVE-2019-16672

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to intercept sensitive credentials transmitted in cleartext on affected Weidmueller industrial switches. Attackers on the same network can capture authentication data, potentially gaining unauthorized access to network infrastructure. Organizations using Weidmueller IE-SW-VL05M, IE-SW-VL08MT, or IE-SW-PL10M devices with specific firmware versions are affected.

💻 Affected Systems

Products:
  • Weidmueller IE-SW-VL05M
  • Weidmueller IE-SW-VL08MT
  • Weidmueller IE-SW-PL10M
Versions: IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, IE-SW-PL10M 3.3.16 Build 16102416
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with these specific firmware versions transmit credentials in cleartext by default.

📦 What is this software?

Ie Sw Pl08m 6tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08m 6tx 2sc Firmware →

Ie Sw Pl08m 6tx 2scs Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08m 6tx 2scs Firmware →

Ie Sw Pl08m 6tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08m 6tx 2st Firmware →

Ie Sw Pl08m 8tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08m 8tx Firmware →

Ie Sw Pl08mt 6tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08mt 6tx 2sc Firmware →

Ie Sw Pl08mt 6tx 2scs Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08mt 6tx 2scs Firmware →

Ie Sw Pl08mt 6tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08mt 6tx 2st Firmware →

Ie Sw Pl08mt 8tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl08mt 8tx Firmware →

Ie Sw Pl09m 5gc 4gt Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl09m 5gc 4gt Firmware →

Ie Sw Pl09mt 5gc 4gt Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl09mt 5gc 4gt Firmware →

Ie Sw Pl10m 1gt 2gs 7tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl10m 1gt 2gs 7tx Firmware →

Ie Sw Pl10m 3gt 7tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl10m 3gt 7tx Firmware →

Ie Sw Pl10mt 1gt 2gs 7tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl10mt 1gt 2gs 7tx Firmware →

Ie Sw Pl10mt 3gt 7tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl10mt 3gt 7tx Firmware →

Ie Sw Pl16m 14tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl16m 14tx 2sc Firmware →

Ie Sw Pl16m 14tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl16m 14tx 2st Firmware →

Ie Sw Pl16m 16tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl16m 16tx Firmware →

Ie Sw Pl16mt 14tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl16mt 14tx 2sc Firmware →

Ie Sw Pl16mt 14tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl16mt 14tx 2st Firmware →

Ie Sw Pl16mt 16tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl16mt 16tx Firmware →

Ie Sw Pl18m 2gc 16tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18m 2gc 16tx Firmware →

Ie Sw Pl18m 2gc14tx2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18m 2gc14tx2sc Firmware →

Ie Sw Pl18m 2gc14tx2scs Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18m 2gc14tx2scs Firmware →

Ie Sw Pl18m 2gc14tx2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18m 2gc14tx2st Firmware →

Ie Sw Pl18mt 2gc 16tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18mt 2gc 16tx Firmware →

Ie Sw Pl18mt 2gc14tx2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18mt 2gc14tx2sc Firmware →

Ie Sw Pl18mt 2gc14tx2scs Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18mt 2gc14tx2scs Firmware →

Ie Sw Pl18mt 2gc14tx2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Pl18mt 2gc14tx2st Firmware →

Ie Sw Vl05m 3tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl05m 3tx 2sc Firmware →

Ie Sw Vl05m 3tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl05m 3tx 2st Firmware →

Ie Sw Vl05m 5tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl05m 5tx Firmware →

Ie Sw Vl05mt 3tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl05mt 3tx 2sc Firmware →

Ie Sw Vl05mt 3tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl05mt 3tx 2st Firmware →

Ie Sw Vl05mt 5tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl05mt 5tx Firmware →

Ie Sw Vl08mt 5tx 1sc 2scs Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl08mt 5tx 1sc 2scs Firmware →

Ie Sw Vl08mt 5tx 3sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl08mt 5tx 3sc Firmware →

Ie Sw Vl08mt 6tx 2sc Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl08mt 6tx 2sc Firmware →

Ie Sw Vl08mt 6tx 2scs Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl08mt 6tx 2scs Firmware →

Ie Sw Vl08mt 6tx 2st Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl08mt 6tx 2st Firmware →

Ie Sw Vl08mt 8tx Firmware by Weidmueller

View all CVEs affecting Ie Sw Vl08mt 8tx Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to industrial switches, enabling network disruption, traffic interception, or lateral movement to critical industrial control systems.

🟠

Likely Case

Attackers capture credentials and gain unauthorized access to network devices, potentially modifying configurations or monitoring traffic.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to credential exposure requiring additional steps for exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access but no authentication. Attackers can use standard network sniffing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Weidmueller for updated firmware

Vendor Advisory: https://cert.vde.com/en-us/advisories/vde-2019-018

Restart Required: Yes

Instructions:

1. Contact Weidmueller support for updated firmware. 2. Backup current configuration. 3. Apply firmware update following vendor instructions. 4. Verify encryption is enabled for credential transmission.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected switches in separate VLANs with strict access controls

Encrypted Management Channel

all

Use SSH or HTTPS for management instead of HTTP/Telnet

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to management interfaces
  • Deploy network monitoring to detect credential sniffing attempts

🔍 How to Verify

Check if Vulnerable:

Use network analyzer (Wireshark) to capture traffic to device management interface and check for cleartext credentials

Check Version:

Check device web interface or CLI for firmware version

Verify Fix Applied:

Verify credentials are no longer visible in cleartext during authentication using network analysis

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts
  • Unusual login times/locations

Network Indicators:

  • Cleartext authentication traffic to switch management IPs
  • ARP spoofing or network sniffing activity

SIEM Query:

source_ip IN (switch_management_ips) AND protocol IN (http, telnet) AND payload CONTAINS 'password'

📊 Metadata

CVE ID: CVE-2019-16672
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-319
Published: December 6, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-16672, you might also want to check these:

CVE-2023-33730 9.8

CVE-2023-33730 is a critical privilege escalation vulnerability in Microworld Technologies eScan Man...

Same vulnerability type (CWE-319)
CVE-2020-5594 9.8

CVE-2020-5594 is a vulnerability in Mitsubishi Electric PLC CPU modules that transmits sensitive inf...

Same vulnerability type (CWE-319)
CVE-2022-21829 9.8

This vulnerability in Concrete CMS allows authenticated high-privilege users to download zip files o...

Same vulnerability type (CWE-319)