Summary
A stored cross-site scripting (XSS) vulnerability has been discovered in the Profinet gateway LB8122A.1.EL. An attacker can write an HTML tag of up to 32 characters into the message field of a HART transmitter. The tag is interpreted as HTML when the HART information is displayed in a web browser. If the tag contains a link to a manipulated page, a user can be tricked into opening that page.
Furthermore, an attacker can read information about running processes via the SNMP protocol. Sending such SNMP read commands can also trigger a reboot.
Impact
An unauthenticated attacker can use an HTML link stored in a HART transmitter to redirect a user to a manipulated website. From there, they can manipulate the user's device or environment.
An attacker can collect information via SNMP to prepare further attacks. Sending the SNMP read commands can trigger a reboot of the device.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
70138965, 286522 | Profinet Gateway FB8122A.1.EL | Firmware <V1.3.13 |
70120382, 286519 | Profinet Gateway LB8122A.1.EL | Firmware <V1.3.13 |
Vulnerabilities
- An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.
- An unauthenticated remote attacker can access a URL which causes the device to reboot.
- Due to improper neutralization of input during web page generation (XSS), an unauthenticated remote attacker can inject HTML code into the Web-UI of the affected device.
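The XSS item above is a classic output-encoding defect: the HART message field is placed into the page as-is. The HART message field is 32 characters of HART packed ASCII, a 64-symbol set spanning 0x20 to 0x5F, which already contains `<`, `>`, `/`, `=` and `"`, so validating the field's character set on the transmitter side does not keep markup out; only HTML-escaping at render time does. The following Python example is added here to illustrate that point and is not code from the vendor's firmware or this advisory. The function names, the packed-ASCII regex and the sample message are constructed for the illustration; the vulnerable renderer is shown only for contrast with the escaped one.

```python
import html
import re

# HART packed ASCII: 64 symbols covering 0x20 (space) through 0x5F ("_").
# The set has no lowercase letters, but it does include '<', '>', '/', '=' and '"',
# so the field's charset alone cannot prevent stored markup (assumption: the web
# UI shows the raw 32-character message, as the advisory describes).
PACKED_ASCII_RE = re.compile(r"^[\x20-\x5F]{0,32}$")
HART_MESSAGE_MAX = 32


def is_valid_hart_message(message: str) -> bool:
    """True if the message is at most 32 characters of HART packed ASCII."""
    return PACKED_ASCII_RE.fullmatch(message) is not None


def render_hart_message_unsafe(message: str) -> str:
    """Vulnerable pattern (for contrast only): the field is concatenated into the
    page verbatim, so a tag stored on the transmitter is parsed as markup."""
    return f"<td>{message}</td>"


def render_hart_message(message: str) -> str:
    """Hardened pattern: the field is HTML-escaped (quotes included) before it
    is placed into the page, so stored markup is displayed as text, not parsed."""
    if not is_valid_hart_message(message):
        raise ValueError("message is not <= 32 characters of HART packed ASCII")
    return f"<td>{html.escape(message, quote=True)}</td>"


def contains_markup(message: str) -> bool:
    """Defender-side audit check: flag a stored message that looks like an HTML
    tag, e.g. when reviewing transmitter configuration before a gateway serves it."""
    return re.search(r"<\s*/?\s*[A-Za-z]", message) is not None


# Constructed sample of a stored message carrying an anchor tag (31 characters,
# uppercase only because packed ASCII has no lowercase letters).
SAMPLE_MESSAGE = "<A HREF=//EXAMPLE.TEST>LINK</A>"

if __name__ == "__main__":
    print("valid packed ASCII:", is_valid_hart_message(SAMPLE_MESSAGE))
    print("looks like markup :", contains_markup(SAMPLE_MESSAGE))
    print("unsafe render     :", render_hart_message_unsafe(SAMPLE_MESSAGE))
    print("escaped render    :", render_hart_message(SAMPLE_MESSAGE))
```

The escaped renderer turns the stored tag into `&lt;A HREF=//EXAMPLE.TEST&gt;LINK&lt;/A&gt;`, which the browser displays literally; the `contains_markup` check is useful for auditing existing transmitter configuration on the HART side, where the gateway's web UI is not the only place the message is displayed.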
Mitigation
The web server is switched off by default and can only be switched on via the gateway display. It then remains active for 5 minutes before switching itself off again.
- Ensure that only authorized personnel have access to the gateway.
- Only use the gateway in an isolated network environment.
Remediation
Please install the updated firmware V1.3.13.
Revision History
Version | Date | Summary |
---|---|---|
1.0.0 | 06/05/2025 15:28 | Initial revision. |
1.1.0 | 08/27/2025 12:00 | Update: CWE from CVE-2025-41654, Revision History |