Share: Email | Twitter

ID

VDE-2024-012

Published

2024-07-09 09:00 (CEST)

Last update

2024-07-08 11:28 (CEST)

Vendor(s)

ifm electronic GmbH

Product(s)

Article No┬░ Product Name Affected Version(s)
Smart PLC AC14xx Firmware <= V4.3.17
Smart PLC AC4xxS Firmware <= V4.3.17

Summary

In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.

Vulnerabilities



Last Update
April 18, 2024, 11:50 a.m.
Weakness
Use of Hard-coded Credentials (CWE-798)
Summary

An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.

Last Update
July 4, 2024, 11:56 a.m.
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. 

Last Update
July 4, 2024, 11:56 a.m.
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A remote attacker with high privileges may use a deleting file function to inject OS commands.

Last Update
July 4, 2024, 11:55 a.m.
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A remote attacker with high privileges may use a writing file function to inject OS commands.

Last Update
July 4, 2024, 11:55 a.m.
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A remote attacker with high privileges may use a reading file function to inject OS commands.

Impact

Please see the CVE description. 

Solution

Mitigation

When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.

Remediation

Update to Firmware Version 6.1.8 or later.

Reported by

CERT@VDE coordinated with ifm

The vulnerability was reported by Logan Carpenter from Dragos.