| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | ES7506 | all versions |
| | ES7506 | all versions |
| | ES7510 | all versions |
| | ES7510-XT | all versions |
| | ES7528 | all versions |
| | ES8508 | all versions |
| | ES8508F | all versions |
| | ES8509-XT | all versions |
| | ES8510 | all versions |
| | ES8510-XT | all versions |
| | ES8510-XTE | all versions |
| | ES9528/ES9528-XT | all versions |
| | ES9528-XTv2 | all versions |

Several critical vulnerabilities have been identified in the firmware. Please consult the CVEs for details.
Unauthenticated Device Administration
Undocumented Accounts
Unauthenticated Device Administration
Multiple Authenticated Command Injections
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to gain access to the device, execute any program, and tap information.
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall, especially traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and should only be available to a very limited group of people.
T. Weber of SEC Consult Vulnerability Lab reported this vulnerability.
Coordinated by CERT@VDE