Summary
PIT User Authentication Service is part of the operating mode selection and access permission system PITmode. The PIT User Authentication Service is affected by multiple vulnerabilities in included third-party components.
Impact
The attacker can intercept the communication between the PITreader and the PIT User Authentication Service which can lead to disclosure of the PITreader API token. Furthermore the PIT User Authentication Service is vulnerable to a Denial of Service attack.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| PIT User Authentication Service 1.4.0 | PIT User Authentication Service 1.4.0 | |
| PIT User Authentication Service <1.4.1 | PIT User Authentication Service <1.4.1 |
Vulnerabilities
Expand / Collapse allMitigation
Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.
Remediation
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version "Software PIT User Auth. Service 1.4.1" on to your device.
Acknowledgments
Pilz GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 02/02/2026 09:00 | Initial Version |
| 1.0.1 | 02/02/2026 11:00 | Summary has been updated. |