Summary
Critical vulnerabilities have been discovered in the product, mainly caused by an anonymous FTP server and Telnet access. The impact of the vulnerabilities on the affected device may result in
Information disclosure
Denial of service
Device manipulation
Impact
Pepperl+Fuchs analyzed and identified affected devices.
An attacker can
read out images, serial number of the device, version numbers of firmware and OS log-files, configuration
stop processes,
read out, delete and change data.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
194233 | OIT1500-F113-B12-CB | Firmware <= V2.11.0 |
194231 | OIT200-F113-B12-CB | Firmware <= V2.11.0 |
194232 | OIT500-F113-B12-CB | Firmware <= V2.11.0 |
295845 | OIT700-F113-B12-CB | Firmware <= V2.11.0 |
Vulnerabilities
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service.
Mitigation
An external protective measure is required.
Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
Isolate affected products from the corporate network.
If remote access is required, use secure methods such as virtual private networks (VPNs).
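One way to verify the mitigation above, as an added example that is not part of the original advisory: the script flags devices from the Affected Product(s) table whose FTP or Telnet port is still reachable from the host running the check. The inventory format, the `V2.11.0`-style version string and the sample addresses are assumptions.

```python
import socket

# Model numbers and last affected firmware, taken from the advisory table.
AFFECTED_MODELS = {"194233", "194231", "194232", "295845"}
LAST_AFFECTED = (2, 11, 0)
SERVICES = {"ftp": 21, "telnet": 23}  # the two services the advisory names

def parse_version(text):
    """Turn 'V2.11.0' into (2, 11, 0) so 2.9 sorts below 2.11 (format assumed)."""
    return tuple(int(part) for part in text.strip().lstrip("Vv").split("."))

def is_affected(model_no, firmware):
    """True for a listed model running firmware <= V2.11.0."""
    return model_no in AFFECTED_MODELS and parse_version(firmware) <= LAST_AFFECTED

def port_open(host, port, timeout=2.0):
    """True if a TCP connection succeeds from the machine running the check."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, ports=SERVICES, probe=port_open):
    """Return one finding per affected device with a reachable FTP/Telnet port."""
    findings = []
    for dev in inventory:
        if not is_affected(dev["model"], dev["firmware"]):
            continue
        exposed = [name for name, port in ports.items() if probe(dev["host"], port)]
        if exposed:
            findings.append({"host": dev["host"], "model": dev["model"],
                             "exposed": exposed})
    return findings

if __name__ == "__main__":
    # Constructed inventory; addresses are from the documentation range (RFC 5737).
    inventory = [
        {"host": "192.0.2.10", "model": "194233", "firmware": "V2.11.0"},
        {"host": "192.0.2.11", "model": "295845", "firmware": "V2.9.3"},
    ]
    for f in audit(inventory):
        print(f"{f['host']} (model {f['model']}): reachable {', '.join(f['exposed'])}")
```

Run it from each network segment that should be isolated from the devices; an empty result from that segment means neither service is reachable from there.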
Revision History
Version | Date | Summary |
---|---|---|
1.0.0 | 10.07.2024 08:00 | Initial revision. |
1.1.0 | 27.08.2025 12:00 | Update: CWE from CVE-2024-6421, Revision History |