Article No° | Product Name | Affected Version(s) |
---|---|---|
IndustrialPI 4 with IndustrialPI webstatus | < 2.4.6 |
The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
An attacker can bypass the login to the web application making it possible to access and maliciously change all available settings of the IndustrialPI.
Remediation
Update the webstatus package to version 2.4.6 via the 'apt' package manager. Use 'sudo apt update && sudo apt upgrade -y' to pull and install all available updates for the IndustrialPI. To check the version of the webstatus package, use 'dpkg -l | grep revpi-webstatus'.; Limit network access to the IndustrialPI by using a firewall or similar measures.;
CERT@VDE coordinated with Pilz