Article No° | Product Name | Affected Version(s) |
---|---|---|
 | IndustrialPI 4 with Firmware Bullseye | <= 2024-08 |
Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. An unauthenticated remote attacker has full access to the Node-RED server and can run arbitrary operating system commands on the underlying operating system with privileged rights.
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node-RED server is not configured by default.
The attacker can not only view but also create and alter flows in Node-RED. Flows can contain code blocks where commands are executed on the IndustrialPI itself. An attacker can use these code blocks to run any command as a privileged user on the IndustrialPI.
Mitigation
Limit network access to the IndustrialPI by using a firewall or similar measures.
Remediation
Consult our PDF with remediations, which you can find at https://www.pilz.com/search#currentPage=1&SEARCH=Security%20Advis.%20IndustrialPI%20Remediat.. To activate the authentication as described in the PDF, the Node-RED service must be enabled via the web application.
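To confirm that authentication is actually enforced after remediation, the following check (an added example, not part of the Pilz advisory or its PDF) queries the Node-RED Admin HTTP API without a token and classifies the answers. It assumes the standard Node-RED endpoints `auth/login` and `flows`; the base URL, the `NODE_RED_URL` variable and the sample responses are constructed for illustration.

```javascript
// Added example: verify that a Node-RED admin API requires authentication.
// Node-RED Admin HTTP API behaviour relied on here:
//   GET auth/login -> {} when no adminAuth is configured,
//                     {"type": "...", ...} when an auth scheme is active
//   GET flows      -> 401 without a token when anonymous access is denied

// Classify two unauthenticated responses, each { status, body }.
function classifyAdminApi(authLogin, flows) {
  let scheme = null;
  try {
    const parsed = JSON.parse(authLogin.body);
    if (parsed && typeof parsed.type === "string") scheme = parsed.type;
  } catch (_) {
    // Non-JSON body: not a Node-RED admin endpoint, or a proxy answered.
  }
  if (flows.status === 200) {
    // Flows are readable without a token. With a scheme configured this
    // means the anonymous (default) user still has permissions.
    return { verdict: scheme ? "ANON_ACCESS" : "OPEN", scheme };
  }
  if (flows.status === 401 && scheme) return { verdict: "PROTECTED", scheme };
  return { verdict: "INCONCLUSIVE", scheme };
}

// Live check for a device you administer (Node.js 18+ for global fetch).
// baseUrl must end with "/" and include any configured admin root path.
async function checkDevice(baseUrl) {
  const get = async (path) => {
    const r = await fetch(new URL(path, baseUrl), {
      headers: { Accept: "application/json" },
      signal: AbortSignal.timeout(5000),
    });
    return { status: r.status, body: await r.text() };
  };
  return classifyAdminApi(await get("auth/login"), await get("flows"));
}

// Constructed sample responses (not captured from a real device).
const SAMPLE_DEFAULT = [{ status: 200, body: "{}" }, { status: 200, body: "[]" }];
const SAMPLE_HARDENED = [
  { status: 200, body: '{"type":"credentials","prompts":[{"id":"username"},{"id":"password"}]}' },
  { status: 401, body: "Unauthorized" },
];

if (process.env.NODE_RED_URL) {
  checkDevice(process.env.NODE_RED_URL).then(console.log, console.error);
} else {
  console.log(classifyAdminApi(...SAMPLE_DEFAULT), classifyAdminApi(...SAMPLE_HARDENED));
}
```

Any verdict other than `PROTECTED` means the device should stay behind the firewall restriction from the Mitigation section until the configuration is corrected.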
CERT@VDE coordinated with Pilz