Zurück zur Übersicht

Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules

VDE-2021-018
Last update
12.05.2021 10:57
Published at
12.05.2021 10:57
Vendor(s)
Pepperl+Fuchs SE
External ID
VDE-2021-018
CSAF Document
Download

Summary

Critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerabilities on the affected device is that it can result in:
* Denial of Service (DoS)
* Remote Code Execution (RCE)
* Code Exposure

Note:
ICE1-8IOL-S2-G60L-V1D (70103603) is not affected by CVE-2021-20986

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit the vulnerability sending specially crafted packages that may result in a denial-of-service condition or code execution.

Affected Product(s)

Model no. Product name Affected versions
Hardware ICE1-16DI-G60L-V1D <=F10017 Hardware ICE1-16DI-G60L-V1D <=F10017
Hardware ICE1-16DIO-G60L-C1-V1D <=F10017 Hardware ICE1-16DIO-G60L-C1-V1D <=F10017
Hardware ICE1-16DIO-G60L-V1D <=F10017 Hardware ICE1-16DIO-G60L-V1D <=F10017
Hardware ICE1-8DI8DO-G60L-C1-V1D <=F10017 Hardware ICE1-8DI8DO-G60L-C1-V1D <=F10017
Hardware ICE1-8DI8DO-G60L-V1D <=F10017 Hardware ICE1-8DI8DO-G60L-V1D <=F10017
Hardware ICE1-8IOL-G30L-V1D <=F10017 Hardware ICE1-8IOL-G30L-V1D <=F10017
Hardware ICE1-8IOL-G60L-V1D <=F10017 Hardware ICE1-8IOL-G60L-V1D <=F10017
Hardware ICE1-8IOL-S2-G60L-V1D <=F10017 Hardware ICE1-8IOL-S2-G60L-V1D <=F10017

Vulnerabilities

Expand / Collapse all

Published
22.09.2025 14:58
Severity
8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Weakness
Out-of-bounds Write (CWE-787)
Summary

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

References
cve.org | nvd.nist.gov

Published
22.09.2025 14:58
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Out-of-bounds Write (CWE-787)
Summary

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

References
cve.org | nvd.nist.gov

Published
22.09.2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.

References
cve.org | nvd.nist.gov

Published
22.09.2025 14:57
Severity
4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness
Observable Discrepancy (CWE-203)
Summary

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

References
cve.org | nvd.nist.gov

Mitigation

An external protective measure is required. Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
Isolate affected products from the corporate network. If remote access is required, use secure methods such as virtual private networks (VPNs).

Revision History

Version Date Summary
1 12.05.2021 10:57 Initial revision.