PEPPERL+FUCHS: Device Master ICDM-RX/* – Vulnerability may allow unauthenticated remote attacker information disclosure and denial of service

VDE-2024-033

Last update

05/14/2025 16:34

Published at

08/13/2024 14:00

Vendor(s)

Pepperl+Fuchs SE

External ID

VDE-2024-033

CSAF Document

Download

Summary

Vulnerabilities have been discovered in the product, mainly caused by HTML injection and crosssite-scripting.
The impact of the vulnerability on the affected device may result in an information disclosure and denial of service.

Impact

An unauthenticated remote attacker may use
* a HTML injection vulnerability with limited length to inject malicious HTML code.
* a reflected XSS vulnerability to obtain information from a user or reboot the device once.
* stored XSS vulnerability to obtain information from a user or reboot the device once.

Affected Product(s)

Model no.	Product name	Affected versions
70114026	ICDM-RX/EN-2DB9/RJ45-DIN	Firmware EtherNet/IP <v7.22
70114027	ICDM-RX/EN-2ST/RJ45-DIN	Firmware EtherNet/IP <v7.22
70104872	ICDM-RX/EN-4DB9/2RJ45-DIN	Firmware EtherNet/IP <v7.22
70104870	ICDM-RX/EN-DB9/RJ45-DIN	Firmware EtherNet/IP <v7.22
70114020	ICDM-RX/EN-DB9/RJ45-PM	Firmware EtherNet/IP <v7.22
70104871	ICDM-RX/EN-ST/RJ45-DIN	Firmware EtherNet/IP <v7.22
70114034	ICDM-RX/EN1-2DB9/RJ45-DIN	Firmware EIP/Modbus <v1.08
70114036	ICDM-RX/EN1-2ST/RJ45-DIN	Firmware EIP/Modbus <v1.08
70114035	ICDM-RX/EN1-4DB9/2RJ45-DIN	Firmware EIP/Modbus <v1.08
70114032	ICDM-RX/EN1-DB9/RJ45-DIN	Firmware EIP/Modbus <v1.08
70114024	ICDM-RX/EN1-DB9/RJ45-PM	Firmware EIP/Modbus <v1.08
70114033	ICDM-RX/EN1-ST/RJ45-DIN	Firmware EIP/Modbus <v1.08
70104884	ICDM-RX/MOD-4DB9/2RJ45-DIN	Firmware Modbus TCP <v7.11, Firmware Modbus Server <v7.11, Firmware Modbus Router <v7.09
70104882	ICDM-RX/MOD-DB9/RJ45-DIN	Firmware Modbus TCP <v7.11, Firmware Modbus Server <v7.11, Firmware Modbus Router <v7.09
70104883	ICDM-RX/MOD-ST/RJ45-DIN	Firmware Modbus Router <v7.09, Firmware Modbus TCP <v7.11, Firmware Modbus Server <v7.11
70114028	ICDM-RX/PN-2DB9/RJ45-DIN	Firmware PROFINET <v3.4.9
70114029	ICDM-RX/PN-2ST/RJ45-DIN	Firmware PROFINET <v3.4.9
70104875	ICDM-RX/PN-4DB9/2RJ45-DIN	Firmware PROFINET <v3.4.9
70104873	ICDM-RX/PN-DB9/RJ45-DIN	Firmware PROFINET <v3.4.9
70114018	ICDM-RX/PN-DB9/RJ45-PM	Firmware PROFINET <v3.4.9
70104874	ICDM-RX/PN-ST/RJ45-DIN	Firmware PROFINET <v3.4.9
70114039	ICDM-RX/PN1-2DB9/RJ45-DIN	Firmware PROFINET/Modbus <v1.0.7
70114042	ICDM-RX/PN1-2ST/RJ45-DIN	Firmware PROFINET/Modbus <v1.0.7
70114040	ICDM-RX/PN1-4DB9/2RJ45-DIN	Firmware PROFINET/Modbus <v1.0.7
70114037	ICDM-RX/PN1-DB9/RJ45-DIN	Firmware PROFINET/Modbus <v1.0.7
70114025	ICDM-RX/PN1-DB9/RJ45-PM	Firmware PROFINET/Modbus <v1.0.7
70114038	ICDM-RX/PN1-ST/RJ45-DIN	Firmware PROFINET/Modbus <v1.0.7
70114049	ICDM-RX/TCP-16DB9/RJ45-RM	Firmware SocketServer <v11.65
70139042	ICDM-RX/TCP-16RJ45/2RJ45-PM	Firmware SocketServer <v11.65
70114048	ICDM-RX/TCP-16RJ45/RJ45-RM	Firmware SocketServer <v11.65
70114044	ICDM-RX/TCP-2DB9/RJ45-DIN	Firmware SocketServer <v11.65
70114045	ICDM-RX/TCP-2ST/RJ45-DIN	Firmware SocketServer <v11.65
70114050	ICDM-RX/TCP-32RJ45/RJ45-RM	Firmware SocketServer <v11.65
70104869	ICDM-RX/TCP-4DB9/2RJ45-DIN	Firmware SocketServer <v11.65
70114046	ICDM-RX/TCP-4DB9/2RJ45-PM	Firmware SocketServer <v11.65
70114047	ICDM-RX/TCP-8DB9/2RJ45-PM	Firmware SocketServer <v11.65
70104867	ICDM-RX/TCP-DB9/RJ45-DIN	Firmware SocketServer <v11.65
70104885	ICDM-RX/TCP-DB9/RJ45-PM	Firmware SocketServer <v11.65
70139038	ICDM-RX/TCP-DB9/RJ45-PM2	Firmware SocketServer <v11.65
70104868	ICDM-RX/TCP-ST/RJ45-DIN	Firmware SocketServer <v11.65

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:57

Severity

7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Weakness

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Weakness

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:57

Severity

6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weakness

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.

References

cve.org | nvd.nist.gov

Remediation

Update to a new version of the firmware you are using:
* SocketServer v11.66
* PROFINET v3.4.10
* PROFINET/Modbus v1.0.8
* EtherNet/IP v7.23
* EIP/Modbus v1.09
* Modbus Router v7.10
* Modbus Server v7.12
* Modbus TCP v7.12

Revision History

Version	Date	Summary
1	08/13/2024 14:00	Initial revision.
2	11/06/2024 12:27	Fix: correct certvde domain, added self-reference
3	05/14/2025 16:34	Fix: version space

PEPPERL+FUCHS: Device Master ICDM-RX/* – Vulnerability may allow unauthenticated remote attacker information disclosure and denial of service

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2024-5849 7.1

CVE-2024-38502 7.1

CVE-2024-38501 6.1

Remediation

Revision History