
The PITreader product family uses the third-party component uC/HTTP to implement its web server functionality. uC/HTTP is affected by multiple vulnerabilities, which may enable an attacker to gain full control over the system.



Pilz: Vulnerability in PASvisu and PMI v8xx

Multiple Pilz products are affected by stored cross-site scripting (XSS) vulnerabilities. The vulnerabilities may enable an attacker to gain full control over the system.

Update 27.02.2024: fixed a typo in the advisory title.



The Builder and Viewer components of the product PASvisu are based on the third-party component Electron. Electron bundles several other open-source components that are affected by vulnerabilities. The vulnerabilities may enable an attacker to gain full control over the system and can be exploited locally or over the network.



Several Pilz products use the third-party component "libwebp" for decoding images in WebP format. This component is affected by a vulnerability that may enable an attacker to gain full control over the system running the software product. Depending on the affected product, the vulnerability can be exploited locally or over the network.



Several Pilz products use the third-party component "CodeMeter Runtime" from WIBU-SYSTEMS AG to manage software licenses. This component is affected by a vulnerability that may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.

Update A, 2023-12-05

  • Changed the affected version of "Software PASvisu < 1.15.0" to "Software PASvisu < 1.14.1".
  • Removed CVE-2023-4701 because it was revoked.



Pilz: PAS 4000 prone to ZipSlip

PAS 4000 is the software platform for the Automation System PSS 4000. PAS 4000 does not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.



Pilz: Multiple products affected by ZipSlip

Several Pilz software products do not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.



PASvisu is an HMI solution for machine visualization. It is available as a standalone software product and is also included in various models of the PMI product family. The PASvisu Server component contains multiple vulnerabilities that can be utilised to write arbitrary files, potentially leading to code execution.



Legend (scoring for CVSS 2.0, 3.0 and 3.1)

  • None: no CVE available
  • Low: 0.1 to 3.9
  • Medium: 4.0 to 6.9
  • High: 7.0 to 8.9
  • Critical: 9.0 to 10.0