Share: Email | Twitter

ID

VDE-2024-033

Published

2024-08-13 14:00 (CEST)

Last update

2024-08-09 14:43 (CEST)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No° Product Name Affected Version(s)
70114034 ICDM-RX/EN1-2DB9/RJ45-DIN < EIP/Modbus v1.08
70114036 ICDM-RX/EN1-2ST/RJ45-DIN < EIP/Modbus v1.08
70114035 ICDM-RX/EN1-4DB9/2RJ45-DIN < EIP/Modbus v1.08
70114032 ICDM-RX/EN1-DB9/RJ45-DIN < EIP/Modbus v1.08
70114024 ICDM-RX/EN1-DB9/RJ45-PM < EIP/Modbus v1.08
70114033 ICDM-RX/EN1-ST/RJ45-DIN < EIP/Modbus v1.08
70114026 ICDM-RX/EN-2DB9/RJ45-DIN < EtherNet/IP v7.22
70114027 ICDM-RX/EN-2ST/RJ45-DIN < EtherNet/IP v7.22
70104872 ICDM-RX/EN-4DB9/2RJ45-DIN < EtherNet/IP v7.22
70104870 ICDM-RX/EN-DB9/RJ45-DIN < EtherNet/IP v7.22
70114020 ICDM-RX/EN-DB9/RJ45-PM < EtherNet/IP v7.22
70104871 ICDM-RX/EN-ST/RJ45-DIN < EtherNet/IP v7.22
70104884 ICDM-RX/MOD-4DB9/2RJ45-DIN < Modbus Router v7.09
70104884 ICDM-RX/MOD-4DB9/2RJ45-DIN < Modbus Server v7.11
70104884 ICDM-RX/MOD-4DB9/2RJ45-DIN < Modbus TCP v7.11
70104882 ICDM-RX/MOD-DB9/RJ45-DIN < Modbus Router v7.09
70104882 ICDM-RX/MOD-DB9/RJ45-DIN < Modbus Server v7.11
70104882 ICDM-RX/MOD-DB9/RJ45-DIN < Modbus TCP v7.11
70104883 ICDM-RX/MOD-ST/RJ45-DIN < Modbus Router v7.09
70104883 ICDM-RX/MOD-ST/RJ45-DIN < Modbus Server v7.11
70104883 ICDM-RX/MOD-ST/RJ45-DIN < Modbus TCP v7.11
70114039 ICDM-RX/PN1-2DB9/RJ45-DIN < PROFINET/Modbus v1.0.7
70114042 ICDM-RX/PN1-2ST/RJ45-DIN < PROFINET/Modbus v1.0.7
70114040 ICDM-RX/PN1-4DB9/2RJ45-DIN < PROFINET/Modbus v1.0.7
70114037 ICDM-RX/PN1-DB9/RJ45-DIN < PROFINET/Modbus v1.0.7
70114025 ICDM-RX/PN1-DB9/RJ45-PM < PROFINET/Modbus v1.0.7
70114038 ICDM-RX/PN1-ST/RJ45-DIN < PROFINET/Modbus v1.0.7
70114028 ICDM-RX/PN-2DB9/RJ45-DIN < PROFINET v3.4.9
70114029 ICDM-RX/PN-2ST/RJ45-DIN < PROFINET v3.4.9
70104875 ICDM-RX/PN-4DB9/2RJ45-DIN < PROFINET v3.4.9
70104873 ICDM-RX/PN-DB9/RJ45-DIN < PROFINET v3.4.9
70114018 ICDM-RX/PN-DB9/RJ45-PM < PROFINET v3.4.9
70104874 ICDM-RX/PN-ST/RJ45-DIN < PROFINET v3.4.9
70114049 ICDM-RX/TCP-16DB9/RJ45-RM < SocketServer 11.65
70139042 ICDM-RX/TCP-16RJ45/2RJ45-PM < SocketServer 11.65
70114048 ICDM-RX/TCP-16RJ45/RJ45-RM < SocketServer 11.65
70114044 ICDM-RX/TCP-2DB9/RJ45-DIN < SocketServer 11.65
70114045 ICDM-RX/TCP-2ST/RJ45-DIN < SocketServer 11.65
70114050 ICDM-RX/TCP-32RJ45/RJ45-RM < SocketServer 11.65
70104869 ICDM-RX/TCP-4DB9/2RJ45-DIN < SocketServer 11.65
70114046 ICDM-RX/TCP-4DB9/2RJ45-PM < SocketServer 11.65
70114047 ICDM-RX/TCP-8DB9/2RJ45-PM < SocketServer 11.65
70104867 ICDM-RX/TCP-DB9/RJ45-DIN < SocketServer 11.65
70104885 ICDM-RX/TCP-DB9/RJ45-PM < SocketServer 11.65
70139038 ICDM-RX/TCP-DB9/RJ45-PM2 < SocketServer 11.65
70104868 ICDM-RX/TCP-ST/RJ45-DIN < SocketServer 11.65

Summary

Vulnerabilities has been discovered in the product, mainly caused by HTML injection and crosssite-scripting.

The impact of the vulnerability on the affected device may result in an information disclosure and denial of service.

Vulnerabilities



Last Update
Aug. 30, 2024, 9:21 a.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
Last Update
Aug. 30, 2024, 9:21 a.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
Last Update
Aug. 30, 2024, 9:21 a.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.

Impact

An unauthenticated remote attacker may use

  • a HTML injection vulnerability with limited length to inject malicious HTML code.
  • a reflected XSS vulnerability to obtain information from a user or reboot the device once.
  • stored XSS vulnerability to obtain information from a user or reboot the device once.

Solution

Update to a new version of the firmware you are using:

  • SocketServer v11.66
  • PROFINET v3.4.10
  • PROFINET/Modbus v1.0.8
  • EtherNet/IP v7.23
  • EIP/Modbus v1.09
  • Modbus Router v7.10
  • Modbus Server v7.12
  • Modbus TCP v7.12

Reported by

Christopher Di-Nozzi
CERT@VDE coordinated with Pepperl + Fuchs