Share: Email | Twitter

ID

VDE-2024-002

Published

2024-02-06 08:00 (CET)

Last update

2024-01-30 11:18 (CET)

Vendor(s)

Pilz GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
G1000021 PIT gb RLLE y down ETH < 02.02.00
G1000020 PIT gb RLLE y up ETH < 02.02.00
402255 PITreader base unit (HR 01) < 01.05.04
402255 PITreader base unit (HR 02) < 02.02.00
402320 PITreader card unit < 02.02.00
402256 PITreader S base unit < 02.02.00
402321 PITreader S card unit < 02.02.00

Summary

The PITreader product family is using the 3rd -party-component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain full control over the system.

Vulnerabilities



CVE-2023-24585
9.8
Last Update
Jan. 24, 2024, 10:10 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Details
nvd.nist.gov 
CVE-2023-25181
9.8
Last Update
Jan. 24, 2024, 10:09 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

Details
nvd.nist.gov 
CVE-2023-27882
9.8
Last Update
Jan. 24, 2024, 10:08 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

Details
nvd.nist.gov 
CVE-2023-28391
9.8
Last Update
Jan. 24, 2024, 10:05 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

Details
nvd.nist.gov 
CVE-2023-28379
9.8
Last Update
Jan. 24, 2024, 10:06 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

Details
nvd.nist.gov 
CVE-2023-31247
9.8
Last Update
Jan. 24, 2024, 10:03 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Out-of-bounds Write (CWE-787)
Summary

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

Details
nvd.nist.gov 

Impact

An unauthenticated attacker can exploit the vulnerabilities by sending specially crafted HTTP packets to the system. Depending on the vulnerability, memory content can be overwritten or corrupted. In a worst-case scenario this can be used by the attacker to execute arbitrary code on the system to gain full control over it.

Solution

Product-specific Countermeasures:

  • Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.
  • Limit network access to legitimate connections by using a firewall or similar measures.

Reported by

CERT@VDE coordinated with Pilz