Summary
The PITreader product family is using the 3rd -party-component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain full control over the system.
Impact
An unauthenticated attacker can exploit the vulnerabilities by sending specially crafted HTTP packets to the system. Depending on the vulnerability, memory content can be overwritten or corrupted. In a worst-case scenario this can be used by the attacker to execute arbitrary code on the system to gain full control over it.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| G1000021 | PIT gb RLLE y down ETH | Firmware <02.02.00 |
| G1000020 | PIT gb RLLE y up ETH | Firmware <02.02.00 |
| 402256 | PITreader S base unit | Firmware <02.02.00 |
| 402321 | PITreader S card unit | Firmware <02.02.00 |
| 402255 | PITreader base unit (HR 01) | Firmware <01.05.04 |
| 402255 | PITreader base unit (HR 02) | Firmware <02.02.00 |
| 402320 | PITreader card unit | Firmware <02.02.00 |
Vulnerabilities
Expand / Collapse allAn out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
Remediation
Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.
Limit network access to legitimate connections by using a firewall or similar measures.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 06.02.2024 08:00 | Initial revision. |