Multiple Wiesemann & Theis software products are affected by a vulnerability through an unquoted search path in the Windows registry. A local attacker can execute arbitrary code and gain administrative privileges by inserting an executable file in the path of the affected product.
Update A, 07.03.2024
Incorrect version numbers have been corrected.
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications.
MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The vulnerabilities covered by this advisory have a broad range of impacts ranging from denial-ofservice to disclosure or manipulation/deletion of information. Given the intended usage of MES PCs for didactic purposes in controlled lab environments, separate from productive systems, it never comes into contact with sensitive information. Therefore the impact is reduced to limited availability of the system.
Overall, the product is affected by the following CVEs:
CVEs: CVE-2006-20001, CVE-2013-6501, CVE-2014-9705, CVE-2014-9709, CVE-2015-2301, CVE-2015-2348, CVE-2015-2787, CVE-2016-3078, CVE-2016-5385, CVE-2018-12882, CVE-2018-14851, CVE-2018-14883, CVE-2018-17082, CVE-2018-19518, CVE-2018-19935, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9025, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11048, CVE-2019-11049, CVE-2019-11050, CVE-2020-2752, CVE-2020-2760, CVE-2020-2780, CVE-2020-2812, CVE-2020-2814, CVE-2020-2922, CVE-2020-7059, CVE-2020-7060, CVE-2020-7061, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7071, CVE-2021-2007, CVE-2021-2011, CVE-2021-2022, CVE-2021-2032, CVE-2021-2144, CVE-2021-2154, CVE-2021-2166, CVE-2021-2174, CVE-2021-2180, CVE-2021-2194, CVE-2021-2372, CVE-2021-2389, CVE-2021-21702, CVE-2021-21703, CVE-2021-21704, CVE-2021-21705, CVE-2021-21706, CVE-2021-21707, CVE-2021-21708, CVE-2021-27928, CVE-2021-35604, CVE-2021-46661, CVE-2021-46662, CVE-2021-46663, CVE-2021-46664, CVE-2021-46665, CVE-2021-46666, CVE-2021-46667, CVE-2021-46668, CVE-2021-46669, CVE-2022-4900, CVE-2022-21595, CVE-2022-23807, CVE-2022-23808, CVE-2022-27376, CVE-2022-27377, CVE-2022-27378, CVE-2022-27379, CVE-2022-27380, CVE-2022-27381, CVE-2022-27382, CVE-2022-27383, CVE-2022-27384, CVE-2022-27385, CVE-2022-27386, CVE-2022-27387, CVE-2022-27444, CVE-2022-27445, CVE-2022-27446, CVE-2022-27447, CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27452, CVE-2022-27455, CVE-2022-27456, CVE-2022-27457, CVE-2022-27458, CVE-2022-31625, CVE-2022-31626, CVE-2022-31628, CVE-2022-31629, CVE-2022-32081, CVE-2022-32082, CVE-2022-32083, CVE-2022-32084, CVE-2022-32085, CVE-2022-32086, CVE-2022-32087, CVE-2022-32088, CVE-2022-32089, CVE-2022-32091, CVE-2022-36760, CVE-2022-37436, CVE-2023-0567, CVE-2023-0568, CVE-2023-0662, CVE-2023-25690, CVE-2023-25727, CVE-2023-27522
The vulnerabilities with a critical severity are listed below.
The affected products and versions present a vulnerability due to a vulnerable integrated software component the docker runc <= 1.1.11. In the worst-case scenario, the integrated Docker container environment could be compromised, potentially enabling the execution of arbitrary code within the Docker environment or neighboring Docker containers if dockerfiles or Docker images from untrusted sources are utilized.
It's crucial to emphasize that while the Docker environment is vulnerable, the host operating system remains
unharmed due to its isolation from the Docker environment within the ads-tec products.
Using Docker images or Dockerfiles from untrusted sources poses a risk. This advice is especially pertinent for Docker use in productive operational technology (OT) environments, and it's our expectation that our customers adhere strictly to this guidance anyway.
CVE-2024-24781: If the above mentioned products are loaded with Wire speed (1Gbit/s or 100Mbit/s) the resources of the Ethernet-Controller are exhausted and it must be reset by the system automatically after load disappears. This leads to an interruption (DoS) of all other communications of the affected Ethernet-Controller.
CVE-2024-24782: Most of the above mentioned products offer a VLAN feature. This helps to segregate ports of the switch included in each of the products. VLAN are meant to segregate networks. Furthermore a MAC-learning mode called “conservative” is provided. In this mode the ARP table is updated earliest within 1..2 times ARP aging time.
X-SB 01 (985210207) is not affected by this CVE.
The PITreader product family is using the 3rd -party-component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain full control over the system.