Zurück zur Übersicht

PEPPERL+FUCHS: Multiple products are affected by regreSSHion

VDE-2024-063
Last update
14.05.2025 14:28
Published at
08.10.2024 14:00
Vendor(s)
Pepperl+Fuchs SE
External ID
VDE-2024-063
CSAF Document
Download

Summary

The affected devices run a SSH server that is affected by the regreSSHion vulnerability despite the fact that no user can actually log in through SSH. Attackers may exploit this vulnerability to gain root access to the device.

Impact

An unauthenticated remote attacker can

• read files from the device

• modify or delete data on the device

• can interrupt the device functionality

Affected Product(s)

Model no. Product name Affected versions
70123992-100000 VSE1000-F400-B12-A1000 Firmware 3D-Vision-Sensors <1.15.0.0
70123992-100001 VSE2000-F400-B12-A1000 Firmware 3D-Vision-Sensors <1.15.0.0
70123992-100002 VSE3000-F400-B12-A1000 Firmware 3D-Vision-Sensors <1.15.0.0
70123993-100000 VTE7500-F400-B12-A1500 Firmware 3D-Vision-Sensors <1.15.0.0

Vulnerabilities

Expand / Collapse all

Published
22.09.2025 14:58
Severity
8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

References
cve.org | nvd.nist.gov

Remediation

Update to the Firmware version 1.15.0.0.

A firmware update will be made available shortly on the corresponding product page on the Pepper+Fuchs Homepage.

Revision History

Version Date Summary
1 02.10.2024 12:00 Initial revision.
2 06.11.2024 12:27 Fix: correct certvde domain, added self-reference
3 14.05.2025 14:28 Fix: version space, added distribution