|Article No°||Product Name||Affected Version(s)|
|Box Thin Client BTC*||<= current version|
|VisuNet PC*||<= current version|
|VisuNet RM*||<= current version|
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre- authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
See details on Microsoft's advisories:
Update A, 07.10.2019
VisuNet RM Shell 3 devices based on a Windows XP Embedded system do not contain the Remote Desktop Services and therefore this vulnerability could not be used by an attacker.
At VisuNet RM Shell 4 devices the Remote Desktop Services are disabled by default and therefore this vulnerability could not be used by an attacker. It could only be used when the device Administrator enabled the Remote Desktop Services after commissioning.
At VisuNet PC devices with Windows XP, Windows 7 or Windows 10 it should be verified if these services are disabled.
Systems with enabled Network Level Authentication (NLA) are only partially affected, as NLA requires authentication before the vulnerability can be triggered. However these systems are still vulnerable to Remote Code Execution (RCE) if the attacker has valid credentials.
Customers using Pepperl+Fuchs HMI devices out of VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines:
Pepperl+Fuchs reported this vulnerability to CERT@VDE