WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability
Description
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in Weidmueller industrial WLAN devices allows authenticated low-privilege users to execute arbitrary commands via a crafted iw_serverip parameter.
Vulnerability
A command injection vulnerability exists in the iw_webs functionality of multiple versions of Weidmueller Industrial WLAN devices. The iw_serverip parameter is not properly sanitized, allowing user input to be reflected in a subsequent call to iw_system, a system-level command execution function. This leads to arbitrary command execution on the device. The affected versions are not explicitly enumerated in the available references, but the advisory from CERT VDE (VDE-2026-026) indicates that multiple versions are impacted [1].
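The bug class described above, as an added illustration that is not Weidmueller firmware code: a request parameter concatenated into a shell command string (the pattern the advisory attributes to iw_webs/iw_system) beside a hardened handler that allow-lists the value as an IPv4 literal and execs without a shell. The "ping" command and all sample inputs are constructed for the example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed illustration of the bug class in the advisory; not firmware
 * code. "ping" stands in for whatever command the real handler runs. */

/* Vulnerable pattern: the request parameter is pasted into a command string
 * that a system()-style call hands to "sh -c", so any shell metacharacter in
 * iw_serverip is interpreted by the shell rather than treated as data. */
int vulnerable_build_cmd(const char *iw_serverip, char *out, size_t outlen) {
    return snprintf(out, outlen, "ping -c 1 %s", iw_serverip);
}

/* Fix 1: allow-list validation. Only a dotted-quad IPv4 literal passes;
 * spaces, quotes, ';', '|', hostnames and empty input are all rejected. */
int is_valid_ipv4(const char *s) {
    struct in_addr addr;
    if (s == NULL || strlen(s) > 15) return 0;   /* max "255.255.255.255" */
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Fix 2: no shell at all. The validated value is one argv element given to
 * execvp, so it cannot be parsed as a command. Returns the child's exit
 * status, or -1 if validation or process creation fails. */
int hardened_ping(const char *iw_serverip) {
    if (!is_valid_ipv4(iw_serverip)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)iw_serverip, NULL };
        execvp("ping", argv);
        _exit(127);                              /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *inputs[] = { "192.168.1.10", "192.168.1.10;", "10.0.0.5 extra" };
    char cmd[128];
    for (size_t i = 0; i < 3; i++) {
        vulnerable_build_cmd(inputs[i], cmd, sizeof cmd);
        printf("%-16s shell would see: \"%s\"  valid_ipv4=%d\n",
               inputs[i], cmd, is_valid_ipv4(inputs[i]));
    }
    return 0;
}
```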
Exploitation
An attacker must be authenticated to the device with a low-privilege user account to exploit this vulnerability. The attacker sends a specially crafted iw_serverip parameter, which is then passed unsanitized into a system command. No user interaction beyond the initial authentication is required, and no race condition or other timing-dependent behavior is needed [1].
Impact
Successful exploitation gives the attacker remote control over the device, allowing arbitrary command execution with the privileges of the iw_webs process (typically root or similar high-level access). This results in full compromise of confidentiality, integrity, and availability (CIA) of the device and potentially the wider industrial network it is connected to [1].
Mitigation
The vendor advisory VDE-2026-026 recommends upgrading to a patched firmware version. Specific fixed versions and release dates are not provided in the available references. If no patch is available, isolating affected devices from untrusted networks and restricting authentication access to trusted users are advised workarounds [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Weidmüller / IE-WL(T)-BL-AP-CL-XX v5 Range: IE-WL-BL-AP-CL-EU (2536600000)
- Weidmüller / IE-WL(T)-VL-AP-CL-XX v5 Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- cert.vde.com/en-us/advisories/vde-2021-026 (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.