
ID

VDE-2025-046

Published

2025-06-30 12:00 (CEST)

Last update

2025-06-27 10:57 (CEST)

Vendor(s)

Pilz GmbH & Co. KG

Product(s)

Article No. | Product Name | Affected Version(s)
Pilz Software | PiCtory | < 2.12

Summary

PiCtory, a web application used to configure the Pilz industrial PC IndustrialPI, has three vulnerabilities of varying severity. The first two are critical and can lead to an authentication bypass and a cross-site scripting attack. The third, of medium severity, exposes PiCtory to a reflected cross-site scripting attack.

Vulnerabilities

Last Update
June 27, 2025, 10:19 a.m.
Weakness
Authentication Bypass by Primary Weakness (CWE-305)
Summary

KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability: a remote attacker can bypass authentication and gain access by means of a path traversal.

Last Update
June 27, 2025, 10:20 a.m.
Weakness
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97)
Summary

KUNBUS PiCtory version 2.11.1 and earlier is vulnerable when an authenticated remote attacker crafts a special filename that is stored by API endpoints. That filename is later transmitted to the client to display a list of configuration files. Because it is neither escaped nor sanitized, the filename can be rendered as an HTML script tag, resulting in a cross-site scripting attack.

Last Update
June 27, 2025, 10:21 a.m.
Weakness
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97)
Summary

KUNBUS PiCtory version 2.11.1 and earlier is vulnerable to a cross-site scripting attack via the sso_token used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as the sso_token, that script is reflected back to the user and executed.

Impact

An unauthenticated attacker can change the configuration of the PiCtory project. This can lead to unwanted behavior or a denial of service.

Solution

Remediation

Update the PiCtory package to version 2.12 via the 'apt' package manager. Use 'sudo apt update && sudo apt upgrade -y' to pull and install all available updates for the IndustrialPI. To check the version of the pictory package, use 'dpkg -l | grep pictory'.

Limit network access to the IndustrialPI by using a firewall or similar measures.
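The following script is an added example and is not part of this advisory or of any Pilz or KUNBUS tooling. It turns the version check above into a pass/fail test: it reads a 'dpkg -l' line for the pictory package, strips the Debian epoch and revision, and compares the upstream version numerically against the fixed release 2.12 (so that 2.5.0 is correctly ranked below 2.12, which a plain string comparison would get wrong). The package name "pictory" and the embedded dpkg line are assumptions constructed so the script runs offline; on an IndustrialPI, feed it the real output of 'dpkg -l | grep pictory'.

```shell
#!/bin/sh
# Added example, not from the CERT@VDE advisory or the vendor:
# report whether the installed pictory package is below the fixed version 2.12.

FIXED_VERSION="2.12"

# Constructed sample of one 'dpkg -l | grep pictory' line (assumption: the
# Debian package is named "pictory"; confirm the real name on the device).
SAMPLE_DPKG_LINE='ii  pictory  2.11.1  all  PiCtory configuration tool for IndustrialPI'

# Strip a Debian epoch ("1:") and revision ("-1") so only the upstream version remains.
upstream_version() {
    v="$1"
    v="${v#*:}"
    v="${v%%-*}"
    printf '%s\n' "$v"
}

# Compare two dotted numeric versions component by component.
# Prints -1 if $1 < $2, 0 if equal, 1 if $1 > $2. Missing components count
# as 0, so 2.12 and 2.12.0 compare equal. Non-digit characters are dropped.
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        if [ "$a" = "$ax" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bx" ]; then b=""; else b="${b#*.}"; fi
        ax=$(printf '%s' "$ax" | tr -cd '0-9'); ax="${ax:-0}"
        bx=$(printf '%s' "$bx" | tr -cd '0-9'); bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then printf '%s\n' "-1"; return 0; fi
        if [ "$ax" -gt "$bx" ]; then printf '%s\n' "1"; return 0; fi
    done
    printf '%s\n' "0"
}

# Extract the version column from a 'dpkg -l' line describing the pictory
# package. Prints nothing if the line is for another package or not installed.
pictory_version_from_dpkg() {
    set -- $1   # word-split the line: status, name, version, arch, description...
    if [ "$1" = "ii" ] && [ "$2" = "pictory" ]; then
        upstream_version "$3"
    fi
}

# Exit status 0 (true) if the given version is below the fixed release, 1 otherwise.
pictory_is_affected() {
    [ "$(version_cmp "$(upstream_version "$1")" "$FIXED_VERSION")" = "-1" ]
}

# Evaluate the constructed line; on a real device use:  dpkg -l | grep pictory
ver=$(pictory_version_from_dpkg "$SAMPLE_DPKG_LINE")
if [ -z "$ver" ]; then
    echo "pictory package not found in dpkg output"
elif pictory_is_affected "$ver"; then
    echo "pictory $ver is affected (fixed in $FIXED_VERSION): run 'sudo apt update && sudo apt upgrade -y'"
else
    echo "pictory $ver is not affected"
fi
```

The comparison is deliberately numeric per component rather than lexical: under string ordering "2.5.0" would sort after "2.12" and a device on the oldest affected release would be reported as patched.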

Reported by

CERT@VDE coordinated with Pilz GmbH & Co. KG