Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities

Publisher: Weidmueller Interface GmbH & Co. KG	Document category: csaf_security_advisory
Initial release date: 2025-05-27T09:00:00.000Z	Engine: Secvisogram 2.5.25
Current release date: 2025-05-27T09:00:00.000Z	Build Date: 2025-05-26T07:57:32.795Z
Current version: 1	Status: final
CVSSv3.1 Base Score: 9.8	Severity: Critical
Original language:	Language: en-GB
Also referred to: VDE-2025-044, WMSA-2500001

Summary

Weidmueller industrial ethernet switches are affected by multiple vulnerabilities. Weidmueller has released new firmwares of the affected products to fix the vulnerabilities.

General Recommendation

As a general security measure, Weidmueller strongly recommends minimizing network exposure of products. Limit access to trusted networks by using appropriate mechanisms.

Impact

Weidmueller industrial ethernet switches are vulnerable to multiple vulnerabilities. The security of the devices may be compromised. Further information can be found under vulnerability details.

Remediation

Update to the new version as listed in the following table:

Product	Article number	Affected Version	Fixed Version
IE-SW-VL05M-5TX	1504280000	<V3.6.32	V3.6.32
IE-SW-VL05MT-5TX	1504310000	<V3.6.32	V3.6.32
IE-SW-VL08MT-8TX	1240940000	<V3.5.36	V3.5.36
IE-SW-VL08MT-5TX-1SC-2SCS	1345240000
IE-SW-VL08MT-6TX-2SC	1344770000
IE-SW-VL08MT-6TX-2ST	1240990000
IE-SW-VL08MT-6TX-2SCS	1241020000
IE-SW-PL10M-3GT-7TX	1241290000	<V3.3.34	V3.3.34
IE-SW-PL10MT-3GT-7TX	1286930000	<V3.3.34	V3.3.34
IE-SW-PL16M-16TX	1241100000	<V3.4.32	V3.4.32
IE-SW-PL16MT-16TX	1286820000	<V3.4.32	V3.4.32
IE-SW-PL18M-2GC-16TX	1241320000	<V3.4.40	V3.4.40
IE-SW-PL18MT-2GC-16TX	1286970000	<V3.4.40	V3.4.40

Vulnerabilities

CVE-2025-41649

Description

An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.

CWE:	CWE-787:Out-of-bounds Write

Product status

Known affected

Product	CVSS-Vector	CVSS Base Score
Firmware <V3.6.32 installed on IE-SW-VL05M-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.32 installed on IE-SW-PL16M-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5

Fixed

Firmware V3.6.32 installed on IE-SW-VL05M-5TX
Firmware V3.6.32 installed on IE-SW-VL05MT-5TX
Firmware V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS
Firmware V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware V3.3.34 installed on IE-SW-PL10MT-3GT-7TX
Firmware V3.4.32 installed on IE-SW-PL16M-16TX
Firmware V3.4.32 installed on IE-SW-PL16MT-16TX
Firmware V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

Remediations

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.6.32

For products:

Firmware <V3.6.32 installed on IE-SW-VL05M-5TX
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.5.36

For products:

Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.3.34

For products:

Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.32

For products:

Firmware <V3.4.32 installed on IE-SW-PL16M-16TX
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.40

For products:

Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

CVE-2025-41650

Description

An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.

CWE:	CWE-1287:Improper Validation of Specified Type of Input

Product status

Known affected

Product	CVSS-Vector	CVSS Base Score
Firmware <V3.6.32 installed on IE-SW-VL05M-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.32 installed on IE-SW-PL16M-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5

Fixed

Firmware V3.6.32 installed on IE-SW-VL05M-5TX
Firmware V3.6.32 installed on IE-SW-VL05MT-5TX
Firmware V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS
Firmware V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware V3.3.34 installed on IE-SW-PL10MT-3GT-7TX
Firmware V3.4.32 installed on IE-SW-PL16M-16TX
Firmware V3.4.32 installed on IE-SW-PL16MT-16TX
Firmware V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

Remediations

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.6.32

For products:

Firmware <V3.6.32 installed on IE-SW-VL05M-5TX
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.5.36

For products:

Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.3.34

For products:

Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.32

For products:

Firmware <V3.4.32 installed on IE-SW-PL16M-16TX
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.40

For products:

Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

CVE-2025-41651

Description

Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.

CWE:	CWE-306:Missing Authentication for Critical Function

Product status

Known affected

Product	CVSS-Vector	CVSS Base Score
Firmware <V3.6.32 installed on IE-SW-VL05M-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.32 installed on IE-SW-PL16M-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8

Fixed

Firmware V3.6.32 installed on IE-SW-VL05M-5TX
Firmware V3.6.32 installed on IE-SW-VL05MT-5TX
Firmware V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS
Firmware V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware V3.3.34 installed on IE-SW-PL10MT-3GT-7TX
Firmware V3.4.32 installed on IE-SW-PL16M-16TX
Firmware V3.4.32 installed on IE-SW-PL16MT-16TX
Firmware V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

Remediations

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.6.32

For products:

Firmware <V3.6.32 installed on IE-SW-VL05M-5TX
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.5.36

For products:

Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.3.34

For products:

Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.32

For products:

Firmware <V3.4.32 installed on IE-SW-PL16M-16TX
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.40

For products:

Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

CVE-2025-41652

Description

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

CWE:	CWE-656:Reliance on Security Through Obscurity

Product status

Known affected

Product	CVSS-Vector	CVSS Base Score
Firmware <V3.6.32 installed on IE-SW-VL05M-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.32 installed on IE-SW-PL16M-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8

Fixed

Firmware V3.6.32 installed on IE-SW-VL05M-5TX
Firmware V3.6.32 installed on IE-SW-VL05MT-5TX
Firmware V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS
Firmware V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware V3.3.34 installed on IE-SW-PL10MT-3GT-7TX
Firmware V3.4.32 installed on IE-SW-PL16M-16TX
Firmware V3.4.32 installed on IE-SW-PL16MT-16TX
Firmware V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

Remediations

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.6.32

For products:

Firmware <V3.6.32 installed on IE-SW-VL05M-5TX
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.5.36

For products:

Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.3.34

For products:

Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.32

For products:

Firmware <V3.4.32 installed on IE-SW-PL16M-16TX
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.40

For products:

Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

CVE-2025-41653

Description

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.

CWE:	CWE-410:Insufficient Resource Pool

Product status

Known affected

Product	CVSS-Vector	CVSS Base Score
Firmware <V3.6.32 installed on IE-SW-VL05M-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.32 installed on IE-SW-PL16M-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5

Fixed

Firmware V3.6.32 installed on IE-SW-VL05M-5TX
Firmware V3.6.32 installed on IE-SW-VL05MT-5TX
Firmware V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS
Firmware V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware V3.3.34 installed on IE-SW-PL10MT-3GT-7TX
Firmware V3.4.32 installed on IE-SW-PL16M-16TX
Firmware V3.4.32 installed on IE-SW-PL16MT-16TX
Firmware V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

Remediations

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.6.32

For products:

Firmware <V3.6.32 installed on IE-SW-VL05M-5TX
Firmware <V3.6.32 installed on IE-SW-VL05MT-5TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.5.36

For products:

Firmware <V3.5.36 installed on IE-SW-VL08MT-8TX
Firmware <V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SC
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2ST
Firmware <V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.3.34

For products:

Firmware <V3.3.34 installed on IE-SW-PL10M-3GT-7TX
Firmware <V3.3.34 installed on IE-SW-PL10MT-3GT-7TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.32

For products:

Firmware <V3.4.32 installed on IE-SW-PL16M-16TX
Firmware <V3.4.32 installed on IE-SW-PL16MT-16TX

Vendor fix (2025-05-19T08:00:00.000Z)

Update to version V3.4.40

For products:

Firmware <V3.4.40 installed on IE-SW-PL18M-2GC-16TX
Firmware <V3.4.40 installed on IE-SW-PL18MT-2GC-16TX

Acknowledgments

Weidmueller Interface GmbH & Co. KG thanks the following parties for their efforts:

CERT@VDE for coordination (see: https://certvde.com )

Weidmueller Interface GmbH & Co. KG

Namespace: https://www.weidmueller.com

psirt@weidmueller.com

References

Weidmueller Security Advisory Board (external) https://support.weidmueller.com/support-center/popular-resources/security-advisory-board
CERT@VDE Security Advisories for Weidmueller (external) https://certvde.com/de/advisories/vendor/weidmueller/
VDE-2025-044: Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities - HTML (self) https://certvde.com/de/advisories/VDE-2025-044
VDE-2025-044: Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities - CSAF (self) https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-044.json

Revision history

Version	Date of the revision	Summary of the revision
1	2025-05-27T09:00:00.000Z	Initial version

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/