VDE-2022-012 | CERT@VDE

2022-04-26 14:00 (CEST) VDE-2022-012

Pepperl+Fuchs: Vulnerability in multiple VisuNet devices (UPDATE A)

Share: Email | Twitter

ID

VDE-2022-012

Published

2022-04-26 14:00 (CEST)

Last update

2022-05-16 16:15 (CEST)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No°	Product Name	Affected Version(s)
	BTC11--TS2-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	BTC11--TS3-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	BTC12--TS2-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	BTC12--TS3-	= RM Shell Version 5.x, Windows 10 LTSC 2019
	BTC14--TS2-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	BTC14--TS3-	= RM Shell Version 5.x, Windows 10 LTSC 2019
	PAD-EX01P8DZ2EURC0508256WIFRMS	= RM Shell Version 5.x, Windows 10 LTSC 2019
	RM2xx--T6-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM3207--T61-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM-320S--2-	= RM Shell Version 5.x, Windows 10 LTSC 2019
	RM32xx--T61-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM37xx--T6-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM82xx--T61-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM87xx--T61-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM9xx--T61-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM-GXP--T2-	= RM Shell Version 5.x, Windows 10 LTSC 2016
	RM-GXP--T3-	= RM Shell Version 5.x, Windows 10 LTSC 2019
	UPGRADE-RMSHELL4-TO-SHELL5*	= RM Shell Version 5.x, Windows 10 LTSC 2016
	UPGRADE-TO-SHELL5-2019-LTSC*	= RM Shell Version 5.x, Windows 10 LTSC 2019

Summary

Critical vulnerabilities have been discovered in the utilized component Remote Desktop Client by Microsoft.
For more information see: https://msrc.microsoft.com/update-guide/vulnerability/CVE- 2022-21990

CVE ID

CVE-2022-21990

Last Update:

March 28, 2022, 3:50 p.m.

Severity

8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Weakness

Insufficient Information (NVD-CWE-noinfo)

Summary

Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285.

Details

nvd.nist.gov

Impact

Pepperl+Fuchs analyzed and identified affected devices.

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
The impact of the vulnerabilities on the affected device may result in

code execution

With the products mentioned above, the connection can only be established to RDP servers that have already been preconfigured by the role administrator or engineer. The role operator can therefore not connect to a random RDP server.

Solution

Mitigation

The following external protective measured are required:

Connect only to trusted RDP servers.
Protect your RDP servers with anti-virus software and Intrusion Detection System
(=IDS)
Access control to RDP servers and the role administrator and engineer on the
affected device.

UPDATE A

Solution

Install the following firmware with security patches to fix this vulnerability.
For products with Windows 10 LTSB 2016:
RM Image 5 Windows Cumulative Security Patch 03/2022 (KB5011495)

incl. 2021-09 Servicing Stack Update (KB5005698)

incl. Microsoft .NET Framework 4.7.2 for x64 (KB4054590)

Link: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-33624

For products with Windows 10 LTSC 2019:
RM Image 5.5 Windows Cumulative Security Patch for LTSC 03/2022 (KB5011503)

incl. 08/2021 Servicing Stack Update (KB5005112)

Link: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-34182

Please note that the links provided are managed and point to the latest firmware available
for VisuNet devices.

END UPDATE A

Reported by

CERT@VDE coordinated with Pepperl+Fuchs.