VDE-2021-034 | CERT@VDE

2021-07-30 09:55 (CEST) VDE-2021-034

Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices

Share: Email | Twitter

ID

VDE-2021-034

Published

2021-07-30 09:55 (CEST)

Last update

2021-07-30 09:55 (CEST)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No°	Product Name	Affected Version(s)
	Box Thin Client BTC*	<= current version
	VisuNet PC*	<= current version
	VisuNet RM*	<= current version

Summary

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

See details on Microsoft Advisory CVE-2021-34527 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527)

CVE ID

CVE-2021-34527

Last Update:

Sept. 7, 2021, 9:36 a.m.

Severity

8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Privilege Management (CWE-269)

Summary

Windows Print Spooler Remote Code Execution Vulnerability

Details

nvd.nist.gov

Impact

An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Customers using Pepperl+Fuchs HMI devices out of VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines:

Pepperl+Fuchs HMI devices running RM Shell 5 should install “Security Patch PrintNightmare (18-34369)” to disable the “Allow Print Spooler to accept client connections:” group policy to block remote attacks: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-34369
Pepperl+Fuchs HMI devices running a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 should use the Windows Update functionality to update the system.
Customers using HMI devices based on Windows 7 or older should upgrade to a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 Version.

Security updates

Please check the P+F website regularly for Windows security updates and use our security update service to be informed about the latest security incidents. We will inform you as soon as Microsoft releases further security updates and measures for existing vulnerabilities.

For Support please contact your local Pepperl+Fuchs sales representative.

Reported by

Pepperl+Fuchs SE
Coordinated by CERT@VDE