Article No. | Product Name | Affected Version(s) |
---|---|---|
1334990000 | IOT-GW30 | 1.3.0 <= 1.9.0 |
1334990000 | IOT-GW30 | 1.10.0 <= 1.10.2 |
1334990000 | IOT-GW30 | = 1.11.0 |
1334990000 | IOT-GW30 | = 1.12.1 |
1334990000 | IOT-GW30-4G-EU | 1.3.0 <= 1.9.0 |
1334990000 | IOT-GW30-4G-EU | 1.10.0 <= 1.10.2 |
1334990000 | IOT-GW30-4G-EU | = 1.11.0 |
1334990000 | IOT-GW30-4G-EU | = 1.12.1 |
1334950000 | UC20-WL2000-AC | 1.3.0 <= 1.9.0 |
1334950000 | UC20-WL2000-AC | 1.10.0 <= 1.10.2 |
1334950000 | UC20-WL2000-AC | = 1.11.0 |
1334950000 | UC20-WL2000-AC | = 1.12.1 |
1334990000 | UC20-WL2000-IOT | 1.3.0 <= 1.9.0 |
1334990000 | UC20-WL2000-IOT | 1.10.0 <= 1.10.2 |
1334990000 | UC20-WL2000-IOT | = 1.11.0 |
1334990000 | UC20-WL2000-IOT | = 1.12.1 |
A network port intended only for device-internal usage is accidentally accessible via external network interfaces.
The reported vulnerability allows an attacker who has network access and knowledge of the internal configuration protocol to read and write configuration data without prior authorization. By exploiting this vulnerability, the attacker may be able to manipulate or stop the operation of the device.
Mitigation
Remediation
Weidmüller recommends upgrading affected devices to the current firmware version 1.12.3 or higher, which fixes this vulnerability.
Alternatively, the following firmware versions, which fix this vulnerability, may be installed:
Product | Affected (installed) firmware version | Fixed firmware version |
---|---|---|
Any affected product | 1.3.0 - 1.9.0 | 1.9.1 |
Any affected product | 1.10.1, 1.10.2 | 1.10.3 |
Any affected product | 1.10.0, 1.11.0, 1.12.1 | 1.12.3 |
Reported by Weidmüller.