Pepperl+Fuchs: Remote Code Execution Vulnerability in HMI Devices

VDE-2018-008
Last update: 07/06/2018 15:37
Published at: 07/06/2018 15:37
Vendor(s): Pepperl+Fuchs SE
External ID: VDE-2018-008

Summary

Security researchers identified a remote code execution vulnerability in Microsoft's Credential Security Support Provider protocol (CredSSP). If exploited successfully, it is possible to relay user credentials for arbitrary code execution on the target system.
See details in Microsoft Advisory CVE-2018-0886 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886)

Impact

Successful exploitation enables an attacker to execute arbitrary code and gain access to sensitive data, e.g. passwords, of the compromised system. The vulnerability allows the attacker to intercept the initial RDP connection between a client and a remote server. The attacker can then relay user credentials to a target system and thus gain complete man-in-the-middle control over a session. A stolen session can be abused to run arbitrary code or commands on the target server on behalf of the user. Consequently, for user sessions with sufficient privileges, malicious code can be executed, e.g. with local administrator privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| | Box Thin Client BTC* | Firmware vers:all/* |
| | VisuNet PC* | Firmware vers:all/* |
| | VisuNet RM* | Firmware vers:all/* |

Vulnerabilities

Published: 09/22/2025 14:57
Weakness: Improper Authentication (CWE-287)
Summary

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Mitigation

Customers using Pepperl+Fuchs HMI devices from the VisuNet RM, VisuNet PC or Box Thin Client BTC* product families should follow these guidelines:

  • Pepperl+Fuchs HMI devices running RM Shell 4 should be updated with RM Image 4 Security Patches 01/2017 to 05/2018 (18-33400C): www.pepperl-fuchs.com/cgi-bin/db/doci...

  • Pepperl+Fuchs HMI devices running RM Shell 5 should be updated with RM Image 5 Security: Windows Cumulative Security Patch 07/2018 (18-33624): www.pepperl-fuchs.com/cgi-bin/db/doci...

  • Pepperl+Fuchs HMI devices running Windows 7 or Windows 10 should be updated by using the Windows Update mechanism.

  • After deploying the patch, all connected third-party clients or servers must use the latest version of the CredSSP protocol.

Take care when installing these patches, because the update enforces the secure behavior. This secure-by-default restriction might result in a connection error that refers to encryption oracle remediation. Updates should be installed on both the server and the HMI device; otherwise, system compatibility might be affected.
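To check a patched Windows HMI or server for this setting before rollout, the following added example (not part of the Pepperl+Fuchs advisory) reads the CredSSP policy value and predicts which client/server pairings will be refused. The registry path, the value name `AllowEncryptionOracle` and its three levels are taken from Microsoft's guidance for CVE-2018-0886, not from this page; the function names and the peer list are hypothetical and constructed for illustration.

```powershell
# Added example. Registry location per Microsoft's guidance for CVE-2018-0886 (assumption, not from this advisory).
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleLevel {
    # Returns 0, 1 or 2. If the value is not configured, a system carrying the
    # May 2018 or later update behaves as Mitigated (1), so 1 is reported.
    $p = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 1 }
    return [int]$p.AllowEncryptionOracle
}

function Test-CredSspSession {
    # Predicts the outcome of a CredSSP (RDP) logon for one client/server pair.
    # The level of an unpatched side is ignored: it has no remediation to configure.
    param(
        [bool]$ClientPatched, [int]$ClientLevel,
        [bool]$ServerPatched, [int]$ServerLevel
    )
    if ($ClientPatched -and $ServerPatched) {
        return 'Allowed: updated CredSSP on both sides'
    }
    if ($ClientPatched) {
        if ($ClientLevel -eq 2) { return 'Allowed: client falls back to the insecure CredSSP version' }
        return 'Blocked on client: encryption oracle remediation error'
    }
    if ($ServerPatched) {
        if ($ServerLevel -eq 0) { return 'Blocked by server: unpatched client rejected' }
        return 'Allowed: unpatched client remains exposed'
    }
    return 'Allowed: both sides unpatched and exposed'
}

# Report the local setting and flag the level that re-enables the fallback.
$local = Get-CredSspOracleLevel
Write-Output ("Local AllowEncryptionOracle = {0} ({1})" -f $local, $Levels[$local])
if ($local -eq 2) { Write-Warning 'Level 2 (Vulnerable) permits fallback to unpatched peers.' }

# Constructed peer inventory: this patched HMI acting as RDP client to each server.
$peers = @(
    @{ Name = 'server-a (patched, level 0)'; Patched = $true;  Level = 0 },
    @{ Name = 'server-b (unpatched)';        Patched = $false; Level = 2 }
)
foreach ($s in $peers) {
    $r = Test-CredSspSession -ClientPatched $true -ClientLevel $local `
                             -ServerPatched $s.Patched -ServerLevel $s.Level
    Write-Output ("{0}: {1}" -f $s.Name, $r)
}
```

A "Blocked" result for a pairing means the remaining unpatched side should be updated; lowering the level to 2 restores connectivity only by restoring the vulnerable fallback.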

This advisory will be updated as further details and/or software updates become available.

Revision History

| Version | Date | Summary |
|---|---|---|
| 1 | 07/06/2018 15:37 | Initial revision. |