PEPPERL+FUCHS: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service
Critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH.
VDE-2021-006 (2021-02-16 16:53 UTC+0200)
CVE Identifier
CVE-2021-20986Affected Vendors
PEPPERL+FUCHS
Affected Products
PCV/PXV/PGV
| Item No. | Item | Vulnerable Profinet Communication FW |
| 285693-100000 | PGV100-F200A-B17-V1D | <= V2.0.0 |
| 285693-100001 | PGV150I-F200A-B17-V1D | <= V2.0.0 |
| 285693-100005 | PGV100-F200-B17-V1D-7477 | <= V2.0.0 |
| 293431-100003 | PXV100-F200-B17-V1D | <= V4.2.0 |
| 293431-100020 | PXV100-F200-B17-V1D-3636 | <= V4.2.0 |
| 244538 | PCV80-F200-B17-V1D | <= V3.2.3 |
| 247325 | PCV100-F200-B17-V1D | <= V3.2.3 |
| 259676 | PCV50-F200-B17-V1D | <= V3.2.3 |
| 282529 | PCV100-F200-B17-V1D-6011-6997 | <= V3.2.3 |
| 264850 | PCV100-F200-B17-V1D-6011 | <= V3.2.5 |
| 70103187 | PCV100-F200-B17-V1D-6011-8203 | <= V3.2.5 |
PXV/PGV B28 Profisafe
| Item No. | Item | Vulnerable Profinet Communication FW |
| 296169 | PXV100A-F200-B28-V1D | <= V1.0.3 |
| 298410 | PXV100A-F200-B28-V1D-6011 | <= V1.0.3 |
| 303881 | PGV100A-F200-B28-V1D | <= V1.0.3 |
| 303883 | PGV100A-F200A-B28-V1D | <= V1.0.3 |
| 70105189 | PGV100AQ-F200A-B28-V1D | <= V2.1.1 |
| 70105231 | PGV100AQ-F200-B28-V1D | <= V2.1.1 |
| 70105248 | PXV100AQ-F200-B28-V1D | <= V2.1.1 |
| 70105249 | PXV100AQ-F200-B28-V1D-6011 | <= V2.1.1 |
OHV
| Item No. | Item | Vulnerable Profinet Communication FW |
| 289804-100000 | OHV-F230-B17 | <= V1.1.0 |
OIT
| Item No. | Item | Vulnerable Profinet Communication FW |
| 316742 | OIT500-F113-B17-CB | <= V1.3.4 |
PHA
| Item No. | Item | Vulnerable Profinet Communication FW |
| 255662 | PHA300-F200-B17-V1D | <= V3.1.5 |
| 257498 | PHA400-F200-B17-V1D | |
| 258403 | PHA300-F200A-B17-V1D | |
| 265869 | PHA300-F200-B17-T-V1D | |
| 266679 | PHA200-F200A-B17-V1D | |
| 266680 | PHA200-F200-B17-V1D | |
| 270875 | PHA400-F200A-B17-V1D | |
| 283557 | PHA300-F200A-B17-T-V1D | |
| 291103 | PHA600-F200A-B17-V1D | |
| 292686 | PHA500-F200-B17-V1D | |
| 292696 | PHA500-F200A-B17-V1D | |
| 292701 | PHA600-F200-B17-V1D | |
| 293772 | PHA150-F200A-B17-V1D | |
| 295658 | PHA200-F200A-B17-T-V1D | |
| 307562 | PHA150-F200-B17-V1D | |
| 320263 | PHA800-F200-B17-V1D | |
| 323292 | PHA400-F200A-B17-T-V1D | |
| 323438 | PHA500-F200A-B17-T-V1D | |
| 70103352 | PHA700-F200-B17-V1D |
WCS
| Item No. | Item | Vulnerable Profinet Communication FW |
| 262007 | WCS3B-LS610 | <= V3.0.0 |
| 280551 | WCS3B-LS610H | |
| 280552 | WCS3B-LS610D | |
| 280553 | WCS3B-LS610DH | |
| 312676 | WCS3B-LS610H-OM | |
| 312677 | WCS3B-LS610DH-OM | |
| 312678 | WCS3B-LS610D-OM | |
| 312679 | CS3B-LS610-OM |
Vulnerability Type
Out-of-bounds Write (CWE - 787)Summary
Critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device is that it can
- no longer perform acyclic requests
- may drop all established cyclic connections may
- disappear completely from the network
For more information see advisory by Hilscher:
https://kb.hilscher.com/display/ISMS/2020-12-03+Denial+of+Service+vulnerability+in+PROFINET+IO+Device
Impact
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may cause a cause a Denial Of Service of the product.
Solution
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Reported by
Hilscher Gesellschaft für Systemautomation mbH
