Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

VDE-2021-006
Last update: 14.05.2025 15:00
Published at: 16.11.2021 15:53
Vendor(s): Pepperl+Fuchs SE
External ID: VDE-2021-006

Summary

A critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH.

The impact of the vulnerability on the affected device is that it
- can no longer perform acyclic requests,
- may drop all established cyclic connections,
- may disappear completely from the network.

For more information see advisory by Hilscher:

kb.hilscher.com/display/ISMS/2020-12-...

Update 20.11.2024: Products have been added

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may cause a Denial Of Service of the product.

Affected Product(s)

Model no. Product name Affected versions
312679 CS3B-LS610-OM Firmware <=V3.0.0
289804-100000 OHV-F230-B17 Firmware <=V1.1.0
316742 OIT500-F113-B17-CB Firmware <=V1.3.4
247325 PCV100-F200-B17-V1D Firmware <=V3.2.3
264850 PCV100-F200-B17-V1D-6011 Firmware <=V3.2.5
282529 PCV100-F200-B17-V1D-6011-6997 Firmware <=V3.2.3
70103187 PCV100-F200-B17-V1D-6011-8203 Firmware <=V3.2.5
259676 PCV50-F200-B17-V1D Firmware <=V3.2.3
244538 PCV80-F200-B17-V1D Firmware <=V3.2.3
285693-100005 PGV100-F200-B17-V1D-7477 Firmware <=V2.0.0
285693-100000 PGV100-F200A-B17-V1D Firmware <=V2.0.0
303881 PGV100A-F200-B28-V1D Firmware <=V1.0.3
303883 PGV100A-F200A-B28-V1D Firmware <=V1.0.3
70105231 PGV100AQ-F200-B28-V1D Firmware <=V2.1.1
70105189 PGV100AQ-F200A-B28-V1D Firmware <=V2.1.1
285693-100001 PGV150I-F200A-B17-V1D Firmware <=V2.0.0
307562 PHA150-F200-B17-V1D Firmware <=V3.1.5
293772 PHA150-F200A-B17-V1D Firmware <=V3.1.5
266680 PHA200-F200-B17-V1D Firmware <=V3.1.5
295658 PHA200-F200A-B17-T-V1D Firmware <=V3.1.5
266679 PHA200-F200A-B17-V1D Firmware <=V3.1.5
PHA300-F200-B17-T-V1D Firmware <=V3.1.5
255662 PHA300-F200-B17-V1D Firmware <=V3.1.5
283557 PHA300-F200A-B17-T-V1D Firmware <=V3.1.5
258403 PHA300-F200A-B17-V1D Firmware <=V3.1.5
257498 PHA400-F200-B17-V1D Firmware <=V3.1.5
323292 PHA400-F200A-B17-T-V1D Firmware <=V3.1.5
270875 PHA400-F200A-B17-V1D Firmware <=V3.1.5
292686 PHA500-F200-B17-V1D Firmware <=V3.1.5
323438 PHA500-F200A-B17-T-V1D Firmware <=V3.1.5
292696 PHA500-F200A-B17-V1D Firmware <=V3.1.5
292701 PHA600-F200-B17-V1D Firmware <=V3.1.5
291103 PHA600-F200A-B17-V1D Firmware <=V3.1.5
70103352 PHA700-F200-B17-V1D Firmware <=V3.1.5
320263 PHA800-F200-B17-V1D Firmware <=V3.1.5
293431-100003 PXV100-F200-B17-V1D Firmware <=V4.2.0
293431-100020 PXV100-F200-B17-V1D-3636 Firmware <=V4.2.0
PXV100A-F200-B28-V1D Firmware <=V1.0.3
298410 PXV100A-F200-B28-V1D-6011 Firmware <=V1.0.3
70105248 PXV100AQ-F200-B28-V1D Firmware <=V2.1.1
70105249 PXV100AQ-F200-B28-V1D-6011 Firmware <=V2.1.1
262007 WCS3B-LS610 Firmware <=V3.0.0
280552 WCS3B-LS610D Firmware <=V3.0.0
312678 WCS3B-LS610D-OM Firmware <=V3.0.0
280553 WCS3B-LS610DH Firmware <=V3.0.0
312677 WCS3B-LS610DH-OM Firmware <=V3.0.0
280551 WCS3B-LS610H Firmware <=V3.0.0
312676 WCS3B-LS610H-OM Firmware <=V3.0.0

Vulnerabilities

Published: 24.09.2025 12:38
Weakness: Out-of-bounds Write (CWE-787)
Summary

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

Mitigation

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Acknowledgments

Pepperl+Fuchs SE thanks the following parties for their efforts:

  • CERT@VDE for coordination (see https://certvde.com)
  • Hilscher Gesellschaft für Systemautomation mbH for reporting.

Revision History

Version Date Summary
1 16.02.2021 15:53 Initial revision.
2 20.11.2024 10:34 Products have been added
3 14.05.2025 15:00 Fix: added distribution