Pilz: Vulnerability affecting PASvisu Runtime

VDE-2026-019
Last update
23.04.2026 14:00
Published at
23.04.2026 14:00
Vendor(s)
Pilz GmbH & Co. KG
External ID
PPSA-2026-002

Summary

The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.

Impact

A successful attack leads to a loss of availability of the affected Pilz products. For the products to be operational again, a manual restart is required.

Affected Product(s)

Model no. Product name Affected versions
Firmware PMI v70Xe <=03.01.00 installed on PMIv7xxe PASvisu <=1.15.1
Firmware PMI v8 <=2.2.2 installed on PMIv8xx PASvisu <=1.15.1
PASvisu <=1.15.1

Vulnerabilities

Published
23.04.2026 14:45
Weakness
Initialization of a Resource with an Insecure Default (CWE-1188)
Summary

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

References

Remediation

Limit network access to the PASvisu server by using a firewall, a host-based firewall or similar measures.

Acknowledgments

Pilz GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version Date Summary
1.0.0 23.04.2026 14:00 Initial Version