The PITreader product family is using the 3rd -party-component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain full control over the system.
Multiple Pilz products are affected by stored cross-site-scripting (XSS) vulnerabilities. The
vulnerabilities may enable an attacker to gain full control over the system.
Update: 27.02.2024 Fix typo in advisory title
The Builder and Viewer components of the product PASvisu are based on the 3rd-party-component Electron. Electron contains several other open-source components which are affected by vulnerabilities. The vulnerabilities may enable an attacker to gain full control over the system. The vulnerabilities can be exploited locally or over the network.
Several Pilz products use the 3rd-party component “libwebp” for decoding of images in WebP format. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. Depending on the affected product, the vulnerabilities can be exploited locally or over the network.
Several Pilz products use the 3rd party component "CodeMeter Runtime" from WIBU-SYSTEM AG to manage software licenses. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.
Update A, 2023-12-05
PAS4000 is the software platform for the Automation System PSS 4000. PAS 4000 does not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.
Several Pilz software products do not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.
PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product, but it is also included in various models of the PMI product family. The PASvisu Server component contains multiple vulnerabilities which can be utilised to write arbitrary files, potentially leading to code execution.