ID

VDE-2019-002

Published

2019-03-06 11:35 (CET)

Last update

2019-03-06 11:35 (CET)

Vendor(s)

Pepperl+Fuchs SE

Product(s)

Article No°    Product Name        Affected Version(s)
               WHA-GW-*-ETH        < 03.00.08
               WHA-GW-*-ETH.EIP    < 02.00.01

Summary

Pepperl+Fuchs analyzed WirelessHART gateways with respect to a critical vulnerability in the firmware. An attacker may exploit this vulnerability to gain access to files and restricted directories stored on the device by manipulating the file parameters that reference them. Incoming HTTP requests to fcgi-bin/wgsetcgi that carry a filename parameter allow directory (path) traversal. A publicly available exploit already exists for this vulnerability.


Last Update:

18 February 2020 08:01

Weakness

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Summary

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.

Impact

Successful vulnerability exploitation enables remote, unauthenticated attackers to gain unauthorized access to arbitrary files on WirelessHART-Gateways. This includes applications, data, credentials and sensitive operating system files.

Solution

Firmware that fixes the problem is available (see the table below for the versions). Please contact your support representative to obtain the firmware package and update the corresponding product.

Product ID          Version     Bus-Interface of Device
WHA-GW-*-ETH        03.00.08    Modbus
WHA-GW-*-ETH.EIP    02.00.01    Ethernet/IP
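
For detection, the requests described in the Summary (fcgi-bin/wgsetcgi with a filename parameter that leaves its directory) can be searched for in HTTP records from a proxy or sensor in front of the gateway. This is an added example, not code from Pepperl+Fuchs or CERT@VDE; the tab-separated record format, the sample records, the function names and the assumption that legitimate filename values are plain relative names are all constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

ENDPOINT = "fcgi-bin/wgsetcgi"  # endpoint named in the advisory
PARAM = "filename"              # parameter named in the advisory

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious(filename):
    """Assumption: legitimate values are plain relative names."""
    name = fully_decode(filename).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/")

def is_traversal_request(path, params):
    """path: URL path; params: urlencoded query string or form body."""
    if not fully_decode(path).split("?")[0].rstrip("/").endswith(ENDPOINT):
        return False
    return any(k == PARAM and suspicious(v)
               for k, v in parse_qsl(params, keep_blank_values=True))

def scan(records):
    """records: 'src<TAB>method<TAB>path<TAB>params' lines (assumed format)."""
    hits = []
    for line in records:
        parts = line.rstrip("\n").split("\t", 3)
        if len(parts) != 4:
            continue  # skip malformed records
        src, method, path, params = parts
        if is_traversal_request(path, params):
            hits.append((src, method, params))
    return hits

# Constructed sample records (documentation addresses), not captured traffic.
SAMPLE = [
    "192.0.2.10\tPOST\t/fcgi-bin/wgsetcgi\tfilename=report.txt",
    "192.0.2.66\tPOST\t/fcgi-bin/wgsetcgi\tfilename=../../../etc/hostname",
    "192.0.2.66\tGET\t/fcgi-bin/wgsetcgi\tfilename=%252e%252e%252fetc%252fhostname",
    "192.0.2.10\tGET\t/index.html\tfilename=../x",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("ALERT", *hit)
```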

Reported by

Hamit CİBO published an exploit for the attack.

PEPPERL+FUCHS reported this vulnerability to CERT@VDE.