Article No° | Product Name | Affected Version(s) |
---|---|---|
 | Profinet Gateway FB8122A.1.EL | < V1.3.13 |
 | Profinet Gateway LB8122A.1.EL | < V1.3.13 |

A stored cross-site scripting vulnerability has been discovered in the Profinet gateway LB8122A.1.EL. An attacker can write an HTML tag of up to 32 characters into the message field of a HART transmitter. The tag is interpreted as HTML when the HART information is displayed in a web browser. If the HTML tag contains a link to a manipulated page, a user can be tricked into accessing this page. Furthermore, an attacker can access information about running processes via the SNMP protocol. Sending such SNMP read commands can also trigger a reboot.
An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.
An unauthenticated remote attacker can access a URL which causes the device to reboot.
Due to improper neutralization of input during web page generation (XSS), an unauthenticated remote attacker can inject HTML code into the Web-UI of the affected device.
An unauthenticated attacker can use a stored HTML link in a HART transmitter to redirect a user to a manipulated website. From there, he can manipulate the user's device or environment. An attacker can collect information via SNMP to launch attacks. Sending the read commands can trigger a reboot of the device.
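The stored XSS described above comes from showing the transmitter's message field without output encoding. The following added example (not code from the vendor or from this advisory) decodes a message field and escapes it before building the HTML cell, and flags fields that contain markup characters. It assumes the field arrives as 24 bytes of HART packed ASCII (four 6-bit characters per 3 bytes); the function names and sample values are hypothetical.

```python
import html

MARKUP_CHARS = set("<>&\"'")  # characters that must never reach the page raw

def unpack_hart_ascii(packed: bytes) -> str:
    """Decode packed ASCII: each 3 bytes hold four 6-bit characters."""
    if len(packed) % 3:
        raise ValueError("packed ASCII length must be a multiple of 3")
    chars = []
    for i in range(0, len(packed), 3):
        group = int.from_bytes(packed[i:i + 3], "big")
        for shift in (18, 12, 6, 0):
            code = (group >> shift) & 0x3F
            # 0x00-0x1F decode to '@'..'_', 0x20-0x3F decode to ' '..'?'
            chars.append(chr(code | 0x40 if code < 0x20 else code))
    return "".join(chars)

def pack_hart_ascii(text: str, width: int = 32) -> bytes:
    """Encode text as packed ASCII; used here only to build sample input."""
    text = text.ljust(width)
    if len(text) != width or any(not 0x20 <= ord(c) <= 0x5F for c in text):
        raise ValueError("text too long or outside the range 0x20-0x5F")
    out = bytearray()
    for i in range(0, width, 4):
        group = 0
        for c in text[i:i + 4]:
            group = (group << 6) | (ord(c) & 0x3F)
        out += group.to_bytes(3, "big")
    return bytes(out)

def has_markup(packed: bytes) -> bool:
    """Flag a message field worth reviewing before it is shown to anyone."""
    return any(c in MARKUP_CHARS for c in unpack_hart_ascii(packed))

def render_message_cell(packed: bytes) -> str:
    """Build the table cell; the device-supplied text is escaped, never trusted."""
    text = unpack_hart_ascii(packed).rstrip()
    return "<td>" + html.escape(text, quote=True) + "</td>"

# Constructed sample fields (not taken from a real transmitter).
SAMPLE_PLAIN = pack_hart_ascii("PUMP 7 CALIBRATED 2024-01")
SAMPLE_TAG = pack_hart_ascii("<A HREF=//EXAMPLE.INVALID>X</A>")

if __name__ == "__main__":
    for field in (SAMPLE_PLAIN, SAMPLE_TAG):
        print(has_markup(field), render_message_cell(field))
```

With escaping applied at render time, the second sample is displayed as literal text instead of becoming a clickable link.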
Mitigation
The web server is switched off by default and can only be switched on via the gateway display. It is then active for 5 minutes and switches itself off again.
Remediation
Please install the updated firmware V1.3.13.
CERT@VDE coordinated with PEPPERL+FUCHS