VDE-2025-002 | CERT@VDE

2025-02-25 11:00 (CET) VDE-2025-002

PEPPERL+FUCHS: HMI – devices are affected by Windows RCE

Share: Email | Twitter

ID

VDE-2025-002

Published

2025-02-25 11:00 (CET)

Last update

2025-02-24 10:32 (CET)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No°	Product Name	Affected Version(s)
	Image <= 118-0241B: Native Windows installed on PC82***-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0241B: Native Windows installed on PC9***-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0242H: VisuNet RM Shell 5 installed on BTC01-*	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0243M: VisuNet RM Shell 5 installed on RM82**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0243M: VisuNet RM Shell 5 installed on RM9**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0244N: VisuNet RM Shell 5 installed on RM2**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0249M: VisuNet RM Shell 5 installed on RM37**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0250B: Native Windows installed on PC82***-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0250B: Native Windows installed on PC9***-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0259: Native Windows installed on PC2**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0261: Native Windows installed on PC97*-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0269: Native Windows installed on PC37**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0274J: VisuNet RM Shell 5 installed on RM2**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0280A: Native Windows installed on BTC12-*	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0281E: VisuNet RM Shell 5 installed on RM2**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 118-0281E: VisuNet RM Shell 5 installed on RM37**-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 18-33385C: Native Windows installed on PCU1100-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 18-33416N: VisuNet RM Shell 5 installed on TCU100-	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 18-33582M: VisuNet RM Shell 5 installed on BTC12-*	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 18-33834F: VisuNet RM Shell 5 installed on BTC14-*	Windows 10 IoT Enterprise LTSB 2016 < KB5041773
	Image <= 18-34023C: VisuNet RM Shell 5 installed on TCU100-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34024A: Native Windows installed on PCU1100-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34055D: Native Windows installed on BPC3200-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34055D: Native Windows installed on PC-320-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34068A: VisuNet RM Shell 5 installed on BTC12-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34076C: VisuNet RM Shell 5 installed on BTC12-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34093E: VisuNet RM Shell 5 installed on BPC3200-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34093E: VisuNet RM Shell 5 installed on RM-320-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34191C: VisuNet RM Shell 5 installed on BTC14-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34261A: VisuNet RM Shell 5 installed on RM2**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34261A: VisuNet RM Shell 5 installed on RM37**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34263A: VisuNet RM Shell 5 installed on RM2**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34264A: VisuNet RM Shell 5 installed on RM2**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34264A: VisuNet RM Shell 5 installed on RM37**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34298A: VisuNet RM Shell 5 installed on RM82**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34298A: VisuNet RM Shell 5 installed on RM9**-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34308: VisuNet RM Shell 5 installed on BTC01-*	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34309: VisuNet RM Shell 5 installed on TCU100-	Windows 10 IoT Enterprise LTSC 2019 < KB5041578
	Image <= 18-34720C: VisuNet RM Shell 6 installed on TCU100-	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34754C: VisuNet RM Shell 6 installed on TCU100-	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34755D: VisuNet RM Shell 6 installed on BTC12-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34756D: VisuNet RM Shell 6 installed on BTC14-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34757D: VisuNet RM Shell 6 installed on BPC3200-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34757D: VisuNet RM Shell 6 installed on RM-320-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34760C: VisuNet RM Shell 6 installed on BTC22-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34831: Native Windows installed on PCU1100-	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34873: Native Windows installed on BPC3200-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-34873: Native Windows installed on PC-320-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580
	Image <= 18-35000: VisuNet RM Shell 6 installed on BTC24-*	Windows 10 IoT Enterprise LTSC 2021 < KB5041580

Summary

An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.

CVE ID

CVE-2024-38063

Last Update:

Feb. 24, 2025, 10:11 a.m.

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Integer Underflow (Wrap or Wraparound) (CWE-191)

Summary

Windows TCP/IP Remote Code Execution Vulnerability

Details

nvd.nist.gov

Impact

An unauthenticated remote attacker can

read confidential information from the device
modify or delete data on the device
execute code on the device

Solution

Remediation

For the Windows Versions please install the “2024-08 Cumulative Update” from Microsoft.

For the RM Shell Versions please install:

RM Shell 5 based on Windows 10 LTSB 2016: 18-33624T Windows Cumulative Security Patch - 2024-08 for RM Image 5 based on Windows 10 LTSB 2016 (KB5041773) found at Thin Client Firmware VisuNet RM Shell 5 (2016 LTSB) (pepperl-fuchs.com).

RM Shell 5 based on Windows 10 LTSC 2019: 18-34182G Windows Cumulative Security Patch - 2024-08 for RM Image 5.5 based on Windows 10 LTSC 2019 (KB5041578) found at Thin Client Firmware VisuNet RM Shell 5 (2019 LTSC) (pepperl-fuchs.com).

RM Shell 6 based on Windows 10 LTSC 2021: 18-34927A RM Image Security Patch - Windows Cumulative Security Patch 2024-08 (KB5041580) and .Net (KB5042056) found at Thin Client Firmware VisuNet RM Shell 6 (pepperl-fuchs.com).

Reported by

CERT@VDE coordinated with Pepperl+Fuchs