VDE-2025-039

Last update: 01.07.2025 12:00
Published at: 01.07.2025 12:00
Vendor(s): Pilz GmbH & Co. KG
External ID: PPSA-2025-003
                                Summary
The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.
Impact
An attacker can bypass the login to the web application, making it possible to access and maliciously change all available settings of the IndustrialPI.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | Firmware Bullseye <=2024-08 installed on IndustrialPI 4 | IndustrialPI webstatus <2.4.6 |
Vulnerabilities
Remediation
- Update the webstatus package to version 2.4.6 via the 'apt' package manager. Use 'sudo apt update && sudo apt upgrade -y' to pull and install all available updates for the IndustrialPI. To check the version of the webstatus package, use 'dpkg -l | grep revpi-webstatus'.
- Limit network access to the IndustrialPI by using a firewall or similar measures.
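The version check above can be automated across a fleet of IndustrialPI devices. The following is an added example, not Pilz's or CERT@VDE's tooling: it parses `dpkg -l` output for the `revpi-webstatus` package named in the advisory and reports whether the installed version is still below the fixed version 2.4.6. It assumes the package name from the remediation text and uses a simplified reimplementation of dpkg's version ordering (on a real device, `dpkg --compare-versions` is the authoritative comparison); the `dpkg -l` output embedded below is a constructed sample.

```python
"""Flag IndustrialPI hosts whose revpi-webstatus package is below 2.4.6 (VDE-2025-039)."""
import re

PACKAGE = "revpi-webstatus"   # package name from the advisory's remediation text
FIXED_VERSION = "2.4.6"       # first version that closes the authentication bypass

# Constructed sample of `dpkg -l` output from an unpatched device (not real device output).
SAMPLE_DPKG_OUTPUT = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name             Version      Architecture Description
+++-================-============-============-=================================
ii  revpi-config     1.2.0        all          RevPi configuration tool (constructed)
ii  revpi-webstatus  2.4.5        all          RevPi web status page (constructed)
"""

def _order(c: str) -> int:
    # dpkg ordering for non-digit characters: '~' sorts before anything, even end of string,
    # letters sort before other symbols; a missing character (end of string) is 0.
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_nondigit(a: str, b: str) -> int:
    for i in range(max(len(a), len(b))):
        oa = _order(a[i]) if i < len(a) else 0
        ob = _order(b[i]) if i < len(b) else 0
        if oa != ob:
            return oa - ob
    return 0

def _cmp_fragment(a: str, b: str) -> int:
    # Alternate between non-digit runs (compared lexically as above) and digit runs (numerically).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        if (c := _cmp_nondigit(na, nb)):
            return c
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if (c := int(da or 0) - int(db or 0)):
            return c
        a, b = a[len(da):], b[len(db):]
    return 0

def debian_version_cmp(a: str, b: str) -> int:
    """Negative if a < b, 0 if equal, positive if a > b (epoch, upstream, then revision)."""
    def split(v: str):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def installed_version(dpkg_output: str, package: str = PACKAGE):
    """Return the installed version of `package` from `dpkg -l` text, or None if absent."""
    for line in dpkg_output.splitlines():
        m = re.match(r"^(ii|hi)\s+(\S+)\s+(\S+)", line)   # installed or held packages only
        if m and m.group(2).split(":")[0] == package:
            return m.group(3)
    return None

def is_vulnerable(dpkg_output: str) -> bool:
    """True when revpi-webstatus is installed and older than the fixed version."""
    v = installed_version(dpkg_output)
    return v is not None and debian_version_cmp(v, FIXED_VERSION) < 0
```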
Acknowledgments
Pilz GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
Revision History
| Version | Date | Summary | 
|---|---|---|
| 1.0.0 | 01.07.2025 12:00 | Initial Version |