Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

VDE-2021-007
Last update: 05/14/2025 14:53
Published at: 02/16/2021 15:53
Vendor(s): Pepperl+Fuchs SE
External ID: VDE-2021-007

Summary

A critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device can be:

denial of service
remote code execution
code exposure

For more information see the advisory by Hilscher:
kb.hilscher.com/pages/viewpage.action

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may cause a Denial Of Service of the product.

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| 262163 | Hardware PCV100-F200-B25-V1D-6011 | <=V1.10.0 |
| 284068 | Hardware PCV100-F200-B25-V1D-6011-6720 | <=V1.10.0 |
| 262161 | Hardware PCV50-F200-B25-V1D | <=V1.10.0 |
| 262162 | Hardware PCV80-F200-B25-V1D | <=V1.10.0 |
| 293431-100004 | Hardware PXV100-F200-B25-V1D | <=V1.10.0 |
| 293431-100010 | Hardware PXV100I-F200-B25-V1D | <=V1.10.0 |
| 262006 | Hardware WCS3B-LS510 | <=V1.2.1 |
| 312683 | Hardware WCS3B-LS510-OM | <=V1.2.1 |
| 304867 | Hardware WCS3B-LS510D | <=V1.2.1 |
| 312682 | Hardware WCS3B-LS510D-OM | <=V1.2.1 |
| 304868 | Hardware WCS3B-LS510DH | <=V1.2.1 |
| 312681 | Hardware WCS3B-LS510DH-OM | <=V1.2.1 |
| 304866 | Hardware WCS3B-LS510H | <=V1.2.1 |
| 312680 | Hardware WCS3B-LS510H-OM | <=V1.2.1 |

Vulnerabilities

Published: 09/22/2025 14:57
Weakness: Out-of-bounds Write (CWE-787)
Summary

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

References

Mitigation

An external protective measure is required.

Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
Isolate affected products from the corporate network.
If remote access is required, use secure methods such as virtual private networks (VPNs).

Revision History

| Version | Date | Summary |
|---|---|---|
| 1 | 02/16/2021 15:53 | Initial revision. |
| 2 | 05/14/2025 14:53 | Fix: version space, added distribution |