P+F Comtrol RocketLinx®:
Several critical vulnerabilities have been identified in the firmware. Please consult the CVEs for details.
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to gain access to the device,
execute any program and tap information.
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall, especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
T. Weber of SEC Consult Vulnerability Lab reported this vulnerability.
Coordinated by CERT@VDE