
Pepperl+Fuchs: Remote code execution vulnerability in HMI devices

VDE-2019-011
Last update: 07.10.2019 12:00
Published at: 29.05.2019 09:35
Vendor(s): Pepperl+Fuchs SE
External ID: VDE-2019-011

Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.
This vulnerability is pre-authentication and requires no user interaction.
An attacker who successfully exploits this vulnerability could execute arbitrary code on the target system.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.

Microsoft Advisories

Impact

  • VisuNet RM Shell 3 devices based on a Windows XP Embedded system do not contain Remote Desktop Services.
    → Therefore, this vulnerability could not be used by an attacker.

  • VisuNet RM Shell 4 devices have Remote Desktop Services disabled by default.
    → The vulnerability could only be exploited if the device Administrator enabled Remote Desktop Services after commissioning.

  • VisuNet PC devices with Windows XP, Windows 7, or Windows 10
    → It should be verified whether Remote Desktop Services are disabled.

  • Systems with enabled Network Level Authentication (NLA)
    → Are only partially affected, as NLA requires authentication before the vulnerability can be triggered.
    → However, these systems are still vulnerable to Remote Code Execution (RCE) if the attacker has valid credentials.
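
The check below is an added example, not part of the Pepperl+Fuchs advisory. It reads whether Remote Desktop Services accept connections and whether NLA is enforced, the two settings the Impact list depends on. It assumes a Windows 7 or Windows 10 device with PowerShell 2.0 or later and an elevated session; the classification strings are illustrative.

```powershell
# Added example: local audit of the RDP and NLA state on a Windows 7/10 device.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey    = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-EffectiveValue([string]$LocalPath, [string]$Name) {
    # A Group Policy value, when present, overrides the local setting.
    $policy = Get-RegValue $policyKey $Name
    if ($null -ne $policy) { return $policy }
    return Get-RegValue $LocalPath $Name
}

$deny    = Get-EffectiveValue $tsKey  'fDenyTSConnections'   # 0 = RDP connections allowed
$nla     = Get-EffectiveValue $rdpKey 'UserAuthentication'   # 1 = NLA required
$port    = Get-RegValue $rdpKey 'PortNumber'                 # 3389 unless changed
$service = Get-Service -Name 'TermService' -ErrorAction SilentlyContinue

# Map the settings onto the cases described in the Impact list.
if ($null -eq $deny) {
    $state = 'Unknown: fDenyTSConnections not found, check manually'
} elseif ($deny -ne 0) {
    $state = 'Remote Desktop Services disabled'
} elseif ($nla -eq 1) {
    $state = 'RDP enabled with NLA: partially affected, update required'
} else {
    $state = 'RDP enabled without NLA: reachable pre-authentication, update required'
}

$serviceStatus = 'not installed'
if ($service) { $serviceStatus = "$($service.Status)" }

# New-Object is used instead of [pscustomobject] so the script runs on PowerShell 2.0.
New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    TermService = $serviceStatus
    RdpAllowed  = ($deny -eq 0)
    NlaRequired = ($nla -eq 1)
    RdpPort     = $port
    Assessment  = $state
} | Format-List
```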

Affected Product(s)

Model no. Product name Affected versions
Windows 10 installed on Box Thin Client BTC* vers:all/* RM Shell 5 <18-33624E
Windows 10 installed on VisuNet PC* vers:all/* RM Shell 5 <18-33624E
Windows 10 installed on VisuNet RM* vers:all/* RM Shell 5 <18-33624E
Windows 7 installed on Box Thin Client BTC* vers:all/* RM Shell 4 <18-33400G
Windows 7 installed on VisuNet PC* vers:all/* RM Shell 4 <18-33400G
Windows 7 installed on VisuNet RM* vers:all/* RM Shell 4 <18-33400G

Vulnerabilities


Published: 22.09.2025 14:57
Weakness: Improper Access Control (CWE-284)
Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.


Published: 22.09.2025 14:57
Weakness: Use After Free (CWE-416)
Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.


Published: 22.09.2025 14:57
Weakness: Improper Access Control (CWE-284)
Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.


Remediation

Customers using Pepperl+Fuchs HMI devices from the VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines:

  • Devices running Windows XP, Windows 7 or Windows 10
    → Should be updated using the Windows Update mechanism.

  • Devices running RM Shell 4 with enabled Remote Desktop Services
    → Should be updated with the newest RM Image 4 Security Patches 01/2017 to 09/2019 (18-33400G):
    [www.pepperl-fuchs.com/cgi-bin/db/doci...
    Note: For RM Shell 4 devices with disabled Remote Desktop Services (default commissioning state), this update is optional but recommended.

  • Devices running RM Shell 5 with enabled Remote Desktop Services
    → Should be updated with RM Image 5 Security Patches 09/2019 (18-33624E):
    [www.pepperl-fuchs.com/cgi-bin/db/doci...
    Note: For RM Shell 5 devices with disabled Remote Desktop Services (default commissioning state), this update is optional but recommended.

For support, please contact your local Pepperl+Fuchs sales representative.

Revision History

Version Date Summary
1.0.0 29.05.2019 09:35 Initial revision.
1.1.0 07.10.2019 12:00 The summary section was updated to include references to the newly relevant vulnerabilities CVE-2019-1181 and CVE-2019-1182. A previously included statement claiming that "VisuNet RM Shell 5 devices and VisuNet PC devices running Windows 10 are not affected by this vulnerability" was removed from the Impact section, as this information could no longer be confirmed. Additionally, information regarding RM Shell 5 devices was added to the Solution section to provide updated mitigation guidance.