Back to overview

Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities

VDE-2021-042
Last update
05/14/2025 15:00
Published at
10/18/2021 10:24
Vendor(s)
Weidmueller Interface GmbH & Co. KG
External ID
VDE-2021-042
CSAF Document
Download

Summary

The Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.

Impact

Affected Product(s)

Model no. Product name Affected versions
1334890000 UR20-FBC-CAN Firmware <=01.08.00
2625010000 UR20-FBC-CC Firmware <=01.00.02
2680260000 UR20-FBC-CC-TSN Firmware <=01.02.01
1334900000 UR20-FBC-DN Firmware <=01.08.00
1334910000 UR20-FBC-EC Firmware <=01.12.00
2659690000 UR20-FBC-EC-ECO Firmware <=01.00.01
1334920000 UR20-FBC-EIP Firmware <=02.11.00
2661310000 UR20-FBC-IEC61162-450 Firmware <=01.01.00
2659700000 UR20-FBC-MOD-TCP-ECO Firmware <=01.00.00
2476450000 UR20-FBC-MOD-TCP-V2 Firmware <=02.08.01
2614380000 UR20-FBC-PB-DP-V2 Firmware <=01.10.00
1334940000 UR20-FBC-PL Firmware <=01.08.00
2659680000 UR20-FBC-PN-ECO Firmware <=01.00.02
2566380000 UR20-FBC-PN-IRT-V2 Firmware <=01.11.00

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Input Validation (CWE-20)
References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Input Validation (CWE-20)
References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Input Validation (CWE-20)
References
cve.org | nvd.nist.gov

Mitigation

Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidmüller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.

  • Do not directly connect the affected products to the internet.
  • Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).
  • Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).

Revision History

Version Date Summary
1 10/18/2021 10:24 Initial revision.
2 04/10/2025 09:45 Fix: change vendor in product tree
3 05/14/2025 15:00 Fix: added distribution