Summary
The affected devices run a SSH server that is affected by the regreSSHion vulnerability despite the fact that no user can actually log in through SSH. Attackers may exploit this vulnerability to gain root access to the device.
Impact
An unauthenticated remote attacker can
• read files from the device
• modify or delete data on the device
• can interrupt the device functionality
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 70123992-100000 | VSE1000-F400-B12-A1000 | Firmware 3D-Vision-Sensors <1.15.0.0 |
| 70123992-100001 | VSE2000-F400-B12-A1000 | Firmware 3D-Vision-Sensors <1.15.0.0 |
| 70123992-100002 | VSE3000-F400-B12-A1000 | Firmware 3D-Vision-Sensors <1.15.0.0 |
| 70123993-100000 | VTE7500-F400-B12-A1500 | Firmware 3D-Vision-Sensors <1.15.0.0 |
Vulnerabilities
Expand / Collapse allA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Remediation
Update to the Firmware version 1.15.0.0.
A firmware update will be made available shortly on the corresponding product page on the Pepper+Fuchs Homepage.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 10/02/2024 12:00 | Initial revision. |
| 2 | 11/06/2024 12:27 | Fix: correct certvde domain, added self-reference |
| 3 | 05/14/2025 14:28 | Fix: version space, added distribution |