PEPPERL+FUCHS Path traversal in WirelessHART Gateway

VDE-2019-002 (2019-03-06 11:35 UTC+0100)

CVE Identifier

CVE-2018-16059

Affected Vendors

PEPPERL+FUCHS

Affected Products

WHA-GW-*

Vulnerability Type

Path Traversal (CWE-22)

Summary

Pepperl+Fuchs analyzed WirelessHART-Gateways in respect of a critical vulnerability within the Firmware. An attacker may exploit this vulnerability to get access to files and access restricted directories that are stored on the device by manipulating file parameters that reference these. Incoming HTTP requests using fcgi-bin/wgsetcgi and a filename parameter allow a directory / path traversal. A publicly available exploit already exists for this vulnerability.

Impact

Successful vulnerability exploitation enables remote, unauthenticated attackers to gain unauthorized access to arbitrary files on WirelessHART-Gateways. This includes applications, data, credentials and sensitive operating system files.

Solution

A Firmware (version see table below), which solves the problem, is available. Please contact your support representative for this particular firmware package and update the corresponding product.

Product ID

Version

Bus-Interface of Device

WHA-GW-*-ETH

03.00.08

Modbus

WHA-GW-*-ETH.EIP

02.00.01

Ethernet/IP

Reported by

Hamit CİBO published an exploit for the attack on “0day.today”.

PEPPERL+FUCHS reported this vulnerability to CERT@VDE.