CVE-2019-16672 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Vendor	Product	Version
weidmueller	ie-sw-pl09m-5gc-4gt_firmware	𝑥 ≤ 3.3.4
weidmueller	ie-sw-pl09mt-5gc-4gt_firmware	𝑥 ≤ 3.3.4
weidmueller	ie-sw-pl18m-2gc-16tx_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18mt-2gc-16tx_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18m-2gc14tx2sc_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18mt-2gc14tx2sc_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18m-2gc14tx2st_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18mt-2gc14tx2st_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18m-2gc14tx2scs_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl18mt-2gc14tx2scs_firmware	𝑥 ≤ 3.4.4
weidmueller	ie-sw-pl16m-16tx_firmware	𝑥 ≤ 3.4.2
weidmueller	ie-sw-pl16mt-16tx_firmware	𝑥 ≤ 3.4.2
weidmueller	ie-sw-pl16m-14tx-2sc_firmware	𝑥 ≤ 3.4.2
weidmueller	ie-sw-pl16mt-14tx-2sc_firmware	𝑥 ≤ 3.4.2
weidmueller	ie-sw-pl16m-14tx-2st_firmware	𝑥 ≤ 3.4.2
weidmueller	ie-sw-pl16mt-14tx-2st_firmware	𝑥 ≤ 3.4.2
weidmueller	ie-sw-vl05m-5tx_firmware	𝑥 ≤ 3.6.6
weidmueller	ie-sw-vl05mt-5tx_firmware	𝑥 ≤ 3.6.6
weidmueller	ie-sw-vl05m-3tx-2sc_firmware	𝑥 ≤ 3.6.6
weidmueller	ie-sw-vl05mt-3tx-2sc_firmware	𝑥 ≤ 3.6.6
weidmueller	ie-sw-vl05m-3tx-2st_firmware	𝑥 ≤ 3.6.6
weidmueller	ie-sw-vl05mt-3tx-2st_firmware	𝑥 ≤ 3.6.6
weidmueller	ie-sw-vl08mt-8tx_firmware	𝑥 ≤ 3.5.2
weidmueller	ie-sw-vl08mt-5tx-3sc_firmware	𝑥 ≤ 3.5.2
weidmueller	ie-sw-vl08mt-5tx-1sc-2scs_firmware	𝑥 ≤ 3.5.2
weidmueller	ie-sw-vl08mt-6tx-2st_firmware	𝑥 ≤ 3.5.2
weidmueller	ie-sw-vl08mt-6tx-2sc_firmware	𝑥 ≤ 3.5.2
weidmueller	ie-sw-vl08mt-6tx-2scs_firmware	𝑥 ≤ 3.5.2
weidmueller	ie-sw-pl08m-8tx_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08mt-8tx_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08m-6tx-2sc_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08mt-6tx-2sc_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08m-6tx-2st_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08mt-6tx-2st_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08m-6tx-2scs_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl08mt-6tx-2scs_firmware	𝑥 ≤ 3.3.8
weidmueller	ie-sw-pl10m-3gt-7tx_firmware	𝑥 ≤ 3.3.16
weidmueller	ie-sw-pl10mt-3gt-7tx_firmware	𝑥 ≤ 3.3.16
weidmueller	ie-sw-pl10m-1gt-2gs-7tx_firmware	𝑥 ≤ 3.3.16
weidmueller	ie-sw-pl10mt-1gt-2gs-7tx_firmware	𝑥 ≤ 3.3.16

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://cert.vde.com/en-us/advisories

https://cert.vde.com/en-us/advisories/vde-2019-018

https://mdcop.weidmueller.com/mediadelivery/asset/900_102694

https://www.us-cert.gov/ics/advisories/icsa-19-339-02

https://cert.vde.com/en-us/advisories

https://cert.vde.com/en-us/advisories/vde-2019-018

https://mdcop.weidmueller.com/mediadelivery/asset/900_102694

https://www.us-cert.gov/ics/advisories/icsa-19-339-02