PEPPERL+FUCHS Remote Code Execution Vulnerability in HMI Devices

VDE-2018-008 (2018-07-06 16:37 UTC+0200)

CVE Identifier

CVE-2018-0886

Affected Vendors

PEPPERL+FUCHS

Affected Products

VisuNet RM*, VisuNet PC*, Box Thin Client BTC*

(All products within these families)

Summary

A remote code execution vulnerability in Microsoft's Credential Security Support Provider protocol (CredSSP) was identified by security researchers. If exploited successfully, it allows user credentials to be relayed for arbitrary code execution on the target system.

See the details in Microsoft advisory CVE-2018-0886 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886)

Impact

Successful exploitation enables an attacker to execute arbitrary code and gain access to sensitive data, e.g. passwords, of the compromised system. The vulnerability allows the attacker to intercept the initial RDP connection between a client and a remote server. The attacker can then relay user credentials to a target system and thus gain complete man-in-the-middle control over a session. A stolen session can be abused to run arbitrary code or commands on the target server on behalf of the user. Consequently, for user sessions with sufficient privileges, malicious code can be executed, e.g. with local administrator privileges. This implies that an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Customers using Pepperl+Fuchs HMI devices from the VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines:

Be aware when installing these patches that the update enforces security. The secure-by-default restriction might result in an error due to encryption oracle remediation. Updates should be installed on both the server and the HMI device; otherwise, system compatibility might be affected.
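
To check for the one-sided update condition described above before rollout, the following added example (not Pepperl+Fuchs or Microsoft code) reads the CredSSP "Encryption Oracle Remediation" policy on a Windows machine and predicts whether a given client/server pairing will connect. The registry path and the `AllowEncryptionOracle` value are Microsoft's policy setting and do not come from this advisory; the function names and the pairing rules are assumptions based on Microsoft's published behaviour for the CredSSP update.

```powershell
# Added example. Run locally on the HMI device and on the RDP server.
# Registry path/value: Microsoft's "Encryption Oracle Remediation" policy (not from this advisory).
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$LevelNames = 'ForceUpdatedClients', 'Mitigated', 'Vulnerable'   # values 0, 1, 2

function Get-CredSspOraclePolicy {
    param([string]$Path = $CredSspKey)
    $value = $null
    $prop = Get-ItemProperty -Path $Path -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $value = [int]$prop.AllowEncryptionOracle }

    if ($null -eq $value)      { $level = 'NotConfigured' }   # default of the installed update applies
    elseif ($value -in 0..2)   { $level = $LevelNames[$value] }
    else                       { $level = "Unrecognized($value)" }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $value
        Level    = $level
        # 'Vulnerable' permits fallback to the insecure CredSSP version
        AllowsInsecureFallback = ($level -eq 'Vulnerable')
    }
}

# Hypothetical helper: predicts the outcome for one client/server pair.
function Test-CredSspPairing {
    param(
        [bool]$ClientPatched,
        [bool]$ServerPatched,
        [ValidateSet('ForceUpdatedClients', 'Mitigated', 'Vulnerable')]
        [string]$ClientLevel = 'Mitigated',
        [ValidateSet('ForceUpdatedClients', 'Mitigated', 'Vulnerable')]
        [string]$ServerLevel = 'Mitigated'
    )
    if ($ClientPatched -and -not $ServerPatched -and $ClientLevel -ne 'Vulnerable') {
        return 'Blocked: updated client refuses the unpatched server (encryption oracle remediation error)'
    }
    if (-not $ClientPatched -and $ServerPatched -and $ServerLevel -eq 'ForceUpdatedClients') {
        return 'Blocked: server rejects the unpatched client'
    }
    if ($ClientPatched -and $ServerPatched -and $ClientLevel -ne 'Vulnerable') {
        return 'Allowed: both sides remediated'
    }
    'Allowed: session remains exposed to CVE-2018-0886'
}

Get-CredSspOraclePolicy
# Updated HMI device connecting to a server that has not been updated yet:
Test-CredSspPairing -ClientPatched $true -ServerPatched $false
```

A `Blocked` result for the updated-HMI/unpatched-server pair is the compatibility error the guidance above warns about; the fix is to update the server, not to lower the client policy to `Vulnerable`.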

This advisory will be updated as further details and/or software updates become available.

Reported by

Eyal Karni, Yaron Zinar, Roman Blachman @ Preempt, Research Labs reported these vulnerabilities to PEPPERL+FUCHS.