| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| - | PASvisu Software | < 1.12.0 |
| 265507 | PMI v5xx | <= 1.3.58 |
| 265512 | PMI v5xx | <= 1.3.58 |
| 266704 | PMI v7xx | < 2.2.0 |
| 266707 | PMI v7xx | < 2.2.0 |
| 266807 | PMI v8xx | < 1.6.102 |
| 266812 | PMI v8xx | < 1.6.102 |
| 266815 | PMI v8xx | < 1.6.102 |
PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product, but it is also included in various models of the PMI product family. The PASvisu Server component contains multiple vulnerabilities which can be utilised to write arbitrary files, potentially leading to code execution.
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').
The PASvisu Server provides an integrated web server which is also used to send the configuration from the PASvisu Builder to the server component. When receiving and processing a configuration, it does not properly check pathnames. If the PASvisu Server is not properly protected by setting an administration password, the listed vulnerabilities can be exploited by an attacker to write arbitrary files. In the worst case scenario this could lead to remote code execution.
General Countermeasures
Product-specific Countermeasures
Pilz would like to thank CERT@VDE for coordinating publication.