Summary
Sending too much data in the service telegram of AUMA actuators leads to a buffer overflow in the actuator controls. Depending on the actuator, the service telegram is transmitted either via Bluetooth or RS232
Impact
A buffer overflow can lead to an unexpected behaviour e.g. to restart of the actuator controls.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| AC1.2 | Firmware >06.00.00<06.09.04 | |
| MEC 03.01 | Firmware <01.02.00 | |
| PROFOX | Firmware <01-01.10.00 | |
| SGx/SVx | Firmware >03.00.00<03.05.01 | |
| TIGRON | Firmware <01-01.09.00 | |
| TIGRON SIL | Firmware <02-01.01.00 |
Vulnerabilities
Expand / Collapse allAn unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.
Mitigation
As the Bluetooth interface or the alternatively available RS-232 interface is not required for normal operation, it is advisable to only activate it or only use it when it is required, e.g. when configuring the actuator or reading diagnostic data. It should be deactivated under normal operation conditions.
Remediation
For actuators with Bluetooh, it is recommended to update the firmware of the actuator controls to a new version in order to avoid a buffer overflow.
For actuators without Bluetooth, it is recommended to restrict physical access to the actuator and/or update the firmware if possible.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 05/12/2025 08:00 | Initial revision |
| 2 | 05/14/2025 15:00 | Fix: added distribution |