The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.
Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. An unauthenticated remote attacker has full access to the Node-RED server and can run arbitrary operating system commands on the underlying operating system with privileged rights.