CVE-2019-16674
Severity CVSS v4.0:
Pending analysis
Type:
CWE-330
Use of Insufficiently Random Value
Publication date:
06/12/2019
Last modified:
21/07/2021
Description
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:weidmueller:ie-sw-pl09m-5gc-4gt_firmware:*:*:*:*:*:*:*:* | 3.3.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl09m-5gc-4gt:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl09mt-5gc-4gt_firmware:*:*:*:*:*:*:*:* | 3.3.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl09mt-5gc-4gt:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl18m-2gc-16tx_firmware:*:*:*:*:*:*:*:* | 3.4.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl18m-2gc-16tx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl18mt-2gc-16tx_firmware:*:*:*:*:*:*:*:* | 3.4.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl18mt-2gc-16tx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl18m-2gc14tx2sc_firmware:*:*:*:*:*:*:*:* | 3.4.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl18m-2gc14tx2sc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl18mt-2gc14tx2sc_firmware:*:*:*:*:*:*:*:* | 3.4.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl18mt-2gc14tx2sc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl18m-2gc14tx2st_firmware:*:*:*:*:*:*:*:* | 3.4.4 (including) | |
| cpe:2.3:h:weidmueller:ie-sw-pl18m-2gc14tx2st:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:weidmueller:ie-sw-pl18mt-2gc14tx2st_firmware:*:*:*:*:*:*:*:* | 3.4.4 (including) |
To consult the complete list of CPE names with products and versions, see this page