Product Name | Affected Version(s) |
---|---|
IE-SW-PL10M-3GT-7TX | < V3.3.32 |
IE-SW-PL10MT-3GT-7TX | < V3.3.32 |
IE-SW-PL16M-16TX | < V3.4.30 |
IE-SW-PL16MT-16TX | < V3.4.30 |
IE-SW-PL18M-2GC-16TX | < V3.4.38 |
IE-SW-PL18MT-2GC-16TX | < V3.4.38 |
IE-SW-VL05M-5TX | < V3.6.30 |
IE-SW-VL05MT-5TX | < V3.6.30 |
IE-SW-VL08MT-5TX-1SC-2SCS | < V3.5.34 |
IE-SW-VL08MT-6TX-2SC | < V3.5.34 |
IE-SW-VL08MT-6TX-2SCS | < V3.5.34 |
IE-SW-VL08MT-6TX-2ST | < V3.5.34 |
IE-SW-VL08MT-8TX | < V3.5.34 |

Multiple Weidmüller products are affected by an OpenSSL vulnerability.
Weidmüller has released new firmware for the affected products to fix the vulnerability.
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Weidmüller products are vulnerable to a birthday attack referred to as SWEET32. When exploited, the vulnerability may lead to the unauthorized disclosure of information.
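
The birthday bound quoted above, worked through as an added example (not part of the Weidmüller or CERT@VDE advisory): it computes the chance of a repeated ciphertext block after a given number of blocks under one key, and flags DES/Triple DES entries in a list of cipher names a device offers. The cipher list is constructed sample input, and the function names are illustrative.

```python
import math
import re

# Name fragments that identify DES / Triple DES (64-bit block) suites in IANA,
# OpenSSL and SSH naming. Assumption: matching on the suite name is sufficient.
_DES_NAME = re.compile(r"3DES|DES[-_](CBC|EDE)", re.IGNORECASE)


def collision_probability(blocks: int, block_bits: int = 64) -> float:
    """Birthday approximation of P(some ciphertext block repeats) under one key."""
    exponent = blocks * (blocks - 1) / 2 ** (block_bits + 1)
    return -math.expm1(-exponent)  # 1 - e^(-x), accurate for tiny x as well


def bytes_until(p: float, block_bits: int = 64) -> int:
    """Bytes encrypted under one key before the collision probability reaches p."""
    blocks = math.sqrt(-math.log1p(-p) * 2 ** (block_bits + 1))
    return int(blocks) * (block_bits // 8)


def flag_64bit_suites(offered):
    """Return the offered cipher names that use DES or Triple DES."""
    return [name for name in offered if _DES_NAME.search(name)]


# Constructed sample: cipher names as a TLS/SSH scan report might list them.
SAMPLE_OFFERED = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "DES-CBC3-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "3des-cbc",
    "aes128-ctr",
]

if __name__ == "__main__":
    four_billion = 2 ** 32  # the "approximately four billion blocks" in the text
    print(f"64-bit block, 2^32 blocks:  p = {collision_probability(four_billion):.3f}")
    print(f"128-bit block, 2^32 blocks: p = {collision_probability(four_billion, 128):.1e}")
    print(f"Data for p = 0.5 (64-bit):  {bytes_until(0.5) / 2**30:.1f} GiB")
    for name in flag_64bit_suites(SAMPLE_OFFERED):
        print("disable or rekey often:", name)
```
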
General Recommendation
As a general security measure, Weidmüller strongly recommends minimizing network exposure of products. Limit access to trusted networks by using appropriate mechanisms.
Remediation
Update to the new version as listed below.

Product | Affected Version | Fixed Version |
---|---|---|
IE-SW-VL05M-5TX | < V3.6.30 | V3.6.30 |
IE-SW-VL05MT-5TX | < V3.6.30 | V3.6.30 |
IE-SW-VL08MT-8TX | < V3.5.34 | V3.5.34 |
IE-SW-VL08MT-5TX-1SC-2SCS | < V3.5.34 | V3.5.34 |
IE-SW-VL08MT-6TX-2SC | < V3.5.34 | V3.5.34 |
IE-SW-VL08MT-6TX-2ST | < V3.5.34 | V3.5.34 |
IE-SW-VL08MT-6TX-2SCS | < V3.5.34 | V3.5.34 |
IE-SW-PL10M-3GT-7TX | < V3.3.32 | V3.3.32 |
IE-SW-PL10MT-3GT-7TX | < V3.3.32 | V3.3.32 |
IE-SW-PL16M-16TX | < V3.4.30 | V3.4.30 |
IE-SW-PL16MT-16TX | < V3.4.30 | V3.4.30 |
IE-SW-PL18M-2GC-16TX | < V3.4.38 | V3.4.38 |
IE-SW-PL18MT-2GC-16TX | < V3.4.38 | V3.4.38 |

CERT@VDE coordinated with Weidmüller