A critical vulnerability has been discovered in the fdtCONTAINER component by M&M Software GmbH used by PACTware.
While de-serializing PACTware 5 project files (loading PW5 files) the vulnerability can be exploited to execute arbitrary code.
The fdtCONTAINER component is integrated into an application (host application). The fdtCONTAINER application is a specific host application which integrates the fdtCONTAINER component.
The fdtCONTAINER component exchanges binary data blobs with such a host application. Typically, the host application saves these binary data blobs into a project storage (project file or a project database).
To manipulate the data inside the project storage, the attacker needs write access to this project storage. Additionally, the manipulated project needs to be opened by the host application. It depends on the host application whether opening the project requires a user action or not. In
fdtCONTAINER applications, the user has to open the manipulated project file manually.
In the case of opening a stored project, the deserialization of the manipulated data can be exploited.
Several vulnerabilities exist within firmware versions up to and including v1.5.48.
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets.
For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource (CWE-909).
Multiple vulnerabilities have been identified in PLCnext Control devices. Please consult the aforementioned CVE-IDs.
Uncontrolled Resource Consumption can be exploited to cause the HMI to become unresponsive and not accurately update the display content (Denial of Service).
The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it's possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side.