PEPPERL+FUCHS: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service
A critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH.
VDE-2021-007 (2021-02-16 15:53 UTC+0100)
CVE Identifier
CVE-2021-20987
Affected Vendors
PEPPERL+FUCHS
Affected Products
PCV/PXV/PGV
Item No. | Item | Vulnerable Profinet Communication FW |
293431-100004 | PXV100-F200-B25-V1D | <= V1.10.0 |
293431-100010 | PXV100I-F200-B25-V1D | |
284068 | PCV100-F200-B25-V1D-6011-6720 | |
262161 | PCV50-F200-B25-V1D | |
262162 | PCV80-F200-B25-V1D | |
262163 | PCV100-F200-B25-V1D-6011 | |
WCS
Item No. | Item | Vulnerable Profinet Communication FW |
262006 | WCS3B-LS510 | <= V1.2.1 |
304866 | WCS3B-LS510H | |
304867 | WCS3B-LS510D | |
304868 | WCS3B-LS510DH | |
312680 | WCS3B-LS510H-OM | |
312681 | WCS3B-LS510DH-OM | |
312682 | WCS3B-LS510D-OM | |
312683 | WCS3B-LS510-OM | |
Vulnerability Type
Stack-based Buffer Overflow (CWE-121)
Summary
A critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device is that it can result in:
- denial of service
- remote code execution
- code exposure
For more information see advisory by Hilscher:
https://kb.hilscher.com/pages/viewpage.action?pageId=108969480
Impact
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may cause a Denial Of Service of the product.
Solution
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Reported by
Hilscher Gesellschaft für Systemautomation mbH