Back to overview

Weidmueller: Accidentally open network port in u-controls and IoT-Gateways

VDE-2021-016
Last update
05/14/2025 14:28
Published at
05/04/2021 10:17
Vendor(s)
Weidmueller Interface GmbH & Co. KG
External ID
VDE-2021-016
CSAF Document
Download

Summary

A network port intended only for device-internal usage is accidentally accessible via external network interfaces.

Impact

The reported vulnerability allows an attacker who has network access and knowledge about the internal configuration protocol to read and write configuration data without prior authorization. By exploiting this vulnerability the attacker potentially is able to manipulate or stop the operation of the device.

Affected Product(s)

Model no. Product name Affected versions
1334990000 IOT-GW30 Firmware 1.12.1, Firmware 1.11.0, Firmware 1.10.0<=1.10.2, Firmware 1.3.0<=1.9.0
1334990000 IOT-GW30-4G-EU Firmware 1.10.0<=1.10.2, Firmware 1.12.1, Firmware 1.11.0, Firmware 1.3.0<=1.9.0
1334950000 UC20-WL2000-AC Firmware 1.3.0<=1.9.0, Firmware 1.11.0, Firmware 1.10.0<=1.10.2, Firmware 1.12.1
1334990000 UC20-WL2000-IOT Firmware 1.3.0<=1.9.0, Firmware 1.10.0<=1.10.2, Firmware 1.12.1, Firmware 1.11.0

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
Exposure of Resource to Wrong Sphere (CWE-668)
Summary

In Weidmueller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.

References
cve.org | nvd.nist.gov

Mitigation

  • Restrict access to the network th device is connected to
  • Do not directly connect the device to the internet

Remediation

Weidmüller recommends upgrading affected devices to the current firmware version 1.12.3 or higher which fixes this vulnerability.

Alternatively the following firmware versions which fix this vulnerability may be installed:

Product Affected (installed) firmware version Fixed firmware version
Any affected product 1.3.0 - 1.9.0 1.9.1
Any affected product 1.10.1, 1.10.2 1.10.3
Any affected product 1.10.0, 1.11.0, 1.12.1 1.12.3

Revision History

Version Date Summary
1 05/04/2021 10:17 Initial revision.
2 05/14/2025 14:28 Fix: version space, firmware category, added distribution