How to find Weidmüller Industrial Ethernet switches on your network

Latest Weidmüller Industrial Ethernet switch vulnerabilities #

Multiple vulnerabilities have been disclosed in certain models and versions of Weidmüller Industrial Ethernet switch firmware. These vulnerabilities would allow a remote, unauthenticated attacker to execute arbitrary commands or perform denial-of-service against vulnerable devices.

• CVE-2025-41651 and has been rated critical with a CVSS score of 9.8.
• CVE-2025-41652 and has been rated critical with a CVSS score of 9.8.
• CVE-2025-41649 and has been rated high with a CVSS score of 7.5.
• CVE-2025-41650 and has been rated high with a CVSS score of 7.5.
• CVE-2025-41653 and has been rated high with a CVSS score of 7.5.

The following models and versions are affected

• IE-SW-VL08MT-8TX firmware versions prior to 3.5.36
• IE-SW-PL10M-3GT-7TX firmware versions prior to 3.3.34
• IE-SW-PL10MT-3GT-7TX firmware versions prior to 3.3.34
• IE-SW-PL16M-16TX firmware versions prior to 3.4.32
• IE-SW-PL16MT-16TX firmware versions prior to 3.4.32
• IE-SW-PL18M-2GC-16TX firmware versions prior to 3.4.40
• IE-SW-PL18MT-2GC-16TX firmware versions prior to 3.4.40
• IE-SW-VL05M-5TX firmware versions prior to 3.6.32
• IE-SW-VL05MT-5TX firmware versions prior to 3.6.32
• IE-SW-VL08MT-5TX-1SC-2SCS firmware versions prior to 3.5.36
• IE-SW-VL08MT-6TX-2SC firmware versions prior to 3.5.36
• IE-SW-VL08MT-6TX-2SCS firmware versions prior to 3.5.36
• IE-SW-VL08MT-6TX-2ST firmware versions prior to 3.5.36

What is the impact? #

Successful exploitation of the missing authentication or authentication bypass vulnerabilities would allow an attacker to execute arbitrary commands on vulnerable switches, allowing them to take full control of affected devices. Three of the other vulnerabilities allow an attacker to potentially disrupt system operations and cause a denial-of-service against vulnerable switches.

Are any updates or workarounds available? #

Weidmüller firmware release notes indicate that the following models and versions are no longer vulnerable. Upgrade affected systems to the new firmware versions.

• IE-SW-VL05M-5TX and IE-SW-VL05MT-5TX to version 3.6.32
• IE-SW-VL08MT-8TX, IE-SW-VL08MT-5TX-1SC-2SCS, IE-SW-VL08MT-6TX-2SC, IE-SW-VL08MT-6TX-2ST and IE-SW-VL08MT-6TX-2SCS to version 3.5.36
• IE-SW-PL10M-3GT-7TX and IE-SW-PL10MT-3GT-7TX to version 3.3.34
• IE-SW-PL16M-16TX and IE-SW-PL16MT-16TX to version 3.4.32
• IE-SW-PL18M-2GC-16TX and IE-SW-PL18MT-2GC-16TX to version 3.4.40

How do I find Weidmüller Industrial Ethernet switches with runZero? #

From the Asset Inventory, use the following query to locate potentially impacted assets:

(hw:"Weidmüller IE-SW-VL08MT-8TX" OR hw:"Weidmüller IE-SW-PL10M-3GT-7TX" OR hw:"Weidmüller IE-SW-PL10MT-3GT-7TX" OR hw:"Weidmüller IE-SW-PL16M-16TX" OR hw:"Weidmüller IE-SW-PL16MT-16TX" OR hw:"Weidmüller IE-SW-PL18M-2GC-16TX" OR hw:"Weidmüller IE-SW-PL18MT-2GC-16TX" OR hw:"Weidmüller IE-SW-VL05M-5TX" OR hw:"Weidmüller IE-SW-VL05MT-5TX" OR hw:"Weidmüller IE-SW-VL08MT-5TX-1SC-2SCS" OR hw:"Weidmüller IE-SW-VL08MT-6TX-2SC" OR hw:"Weidmüller IE-SW-VL08MT-6TX-2SCS" OR hw:"Weidmüller IE-SW-VL08MT-6TX-2ST")