Summary
PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product, but it is also included in various models of the PMI product family. The PASvisu Server component contains multiple vulnerabilities which can be utilised to write arbitrary files, potentially leading to code execution.
Impact
The PASvisu Server provides an integrated web server which is also used to send the configuration from the PASvisu Builder to the server component. When receiving and processing a configuration, it does not properly check pathnames. If the PASvisu Server is not properly protected by setting an administration password, the listed vulnerabilities can be exploited by an attacker to write arbitrary files. In the worst case scenario this could lead to remote code execution.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| PASvisu Software <1.12.0 | PASvisu Software <1.12.0 | |
| 265507 | PMI v5xx <=1.3.58 | PMI v5xx <=1.3.58 |
| 266704 | PMI v7xx <2.2.0 | PMI v7xx <2.2.0 |
| 266807 | PMI v8xx <1.6.102 | PMI v8xx <1.6.102 |
Vulnerabilities
Expand / Collapse allThis affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
Remediation
PASvisu software, PMI v7xx, PMI v8xx: Configure an administration password.
PASvisu, PMI v7xx, PMI v8xx: Install the fixed version as soon as it is available. Please visit the Pilz Shop (www.pilz.com/enINT/eshop) to check for a fixed version.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 11/24/2022 10:00 | Initial revision. |