Weidmueller Industrial Ethernet Switches (ICSA-19-339-02)

CISA has published an advisory on improper restriction of excessive authentication attempts, uncontrolled resource consumption, missing encryption of sensitive data, unprotected storage of credentials, and predictable from observable state vulnerabilities in Weidmueller Industrial Ethernet Switches. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorized access to the device, affecting the confidentiality, integrity, and availability of the device the attacker is targeting. CERT@VDE and Weidmueller have provided mitigation measures for the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.