The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations.

Update, 18.9.2019, 18:30

  • fixed typo in modelname, replaced PCF with PFC

A manipulated PC Worx or Config+ project file could lead to a remote code execution.
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.

A security researcher discovered that the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre- authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.

See details on Microsoft's advisories:

CVE-2019-0708 (
CVE-2019-1181 (
CVE-2019-1182 (

Update A, 07.10.2019

  • Added CVE-2019-1181 + CVE-2019-1182 to Summary
  • Removed line "VisuNet RM Shell 5 devices and VisuNet PC devices running Windows 10 are not affected by this vulnerability." from Impact.
  • Added "RM Shell 5 devices" info to Solution

Miele XGW 3000 is a ZigBee-TCP/IP gateway. The gateway connects Miele ZigBee-Appliances (called Miele@home) with local customer TCP/IP-Network and allows visualizing the appliance state on the web interface of the gateway, Miele SuperVision capable appliance, smartphone/tablet app or home automatization device.

An external security researcher reported two vulnerabilities in XGW 3000 gateway and provided a Proof-of-Concept. The combined exploitation of both vulnerabilities allow the circumvention of the authentication mechanisms of the XGW3000.

The Miele PSIRT managed to reproduce the findings and successfully exploited the gateway. Therefore, the existence of all vulnerabilities has been confirmed.

keine CVE ID vergeben

A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.


Nach Hersteller




(Scoring für CVSS 2.0,3.0+3.1)
Kein CVE verfügbar
0.1 <= 3.9
4.0 <= 6.9
7.0 <= 8.9
9.0 <= 10.0