PPSA-2026-001

Vulnerability from csaf_pilzgmbhcokg - Published: 2026-02-02 08:00 - Updated: 2026-02-02 10:00
Summary
Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service
Severity
High
Notes
LICENSE: Link to repository: [CERT@VDE CSAF Template](https://github.com/CERTVDE/CSAF-Template) © 2025 by [CERT@VDE](https://certvde.com) is licensed under [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/?ref=chooser-v1) This document note may only be removed in order to create a CSAF advisory based on this template.
Summary: **PIT User Authentication Service is part of the operating mode selection and access permission system PITmode.** The PIT User Authentication Service is affected by multiple vulnerabilities in included third-party components.
Impact: The attacker can intercept the communication between the PITreader and the PIT User Authentication Service which can lead to disclosure of the PITreader API token. Furthermore the PIT User Authentication Service is vulnerable to a Denial of Service attack.
Remediation: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version "Software PIT User Auth. Service 1.4.1" on to your device.
Mitigation: Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.
CVE-2025-12383

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

7.4 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Mitigation Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.
Vendor Fix Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'Software PIT User Auth. Service 1.4.1' on to your device.
CVE-2025-61795

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.

5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-404 - Improper Resource Shutdown or Release
Mitigation Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.
Vendor Fix Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'Software PIT User Auth. Service 1.4.1' on to your device.
CVE-2025-48988

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 - Allocation of Resources Without Limits or Throttling
Mitigation Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.
Vendor Fix Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'Software PIT User Auth. Service 1.4.1' on to your device.
CVE-2025-31650

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-459 - Incomplete Cleanup
Mitigation Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.
Vendor Fix Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'Software PIT User Auth. Service 1.4.1' on to your device.
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "audience": "csaf creator",
        "category": "other",
        "text": "Link to repository: [CERT@VDE CSAF Template](https://github.com/CERTVDE/CSAF-Template) \u00a9 2025 by [CERT@VDE](https://certvde.com) is licensed under [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/?ref=chooser-v1) \n\nThis document note may only be removed in order to create a CSAF advisory based on this template.",
        "title": "LICENSE"
      },
      {
        "category": "summary",
        "text": "**PIT User Authentication Service is part of the operating mode selection and access permission system PITmode.** The PIT User Authentication Service is affected by multiple vulnerabilities in included third-party components.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The attacker can intercept the communication between the PITreader and the PIT User Authentication Service which can lead to disclosure of the PITreader API token. Furthermore the PIT User Authentication Service is vulnerable to a Denial of Service attack.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \"Software PIT User Auth. Service 1.4.1\" on to your device.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures. ",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@pilz.com",
      "name": "Pilz GmbH \u0026 Co. KG",
      "namespace": "https://www.pilz.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "For further security-related issues in Pilz products please contact the Pilz Product Security Incident Response Team (PSIRT)",
        "url": "https://www.pilz.com/security"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/pilz/"
      },
      {
        "category": "self",
        "summary": "PPSA-2026-001: Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-006/"
      },
      {
        "category": "self",
        "summary": "PPSA-2026-001: Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service - CSAF",
        "url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2026/ppsa-2026-001.json"
      }
    ],
    "title": "Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service",
    "tracking": {
      "aliases": [
        "VDE-2026-006",
        "PPSA-2026-001"
      ],
      "current_release_date": "2026-02-02T10:00:00.000Z",
      "generator": {
        "date": "2026-02-02T10:01:58.102Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.42"
        }
      },
      "id": "PPSA-2026-001",
      "initial_release_date": "2026-02-02T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-02T08:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial Version"
        },
        {
          "date": "2026-02-02T10:00:00.000Z",
          "number": "1.0.1",
          "summary": "Summary has been updated."
        }
      ],
      "status": "final",
      "version": "1.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:generic/\u003c1.4.1",
                    "product": {
                      "name": "PIT User Authentication Service \u003c1.4.1",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.4.1",
                    "product": {
                      "name": "PIT User Authentication Service 1.4.1",
                      "product_id": "CSAFPID-52001",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:pilz:pit_user_authentication_service_software:1.4.1:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.4.0",
                    "product": {
                      "name": "PIT User Authentication Service 1.4.0",
                      "product_id": "CSAFPID-51002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:pilz:pit_user_authentication_service_software:1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PIT User Authentication Service"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Pilz"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12383",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027Software PIT User Auth. Service 1.4.1\u0027 on to your device.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "Race Condition allows Bypass of Trust Restrictions"
    },
    {
      "cve": "CVE-2025-61795",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "description",
          "text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.  If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.    This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.  The following versions were EOL at the time the CVE was created but are  known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027Software PIT User Auth. Service 1.4.1\u0027 on to your device.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "modifiedAttackComplexity": "HIGH",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "LOW",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS"
    },
    {
      "cve": "CVE-2025-48988",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "description",
          "text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.  This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are  known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions  may also be affected.   Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027Software PIT User Auth. Service 1.4.1\u0027 on to your device.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "Apache Tomcat: FileUpload large number of parts with headers DoS"
    },
    {
      "cve": "CVE-2025-31650",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "description",
          "text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.  This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are  known to be affected: 8.5.90 though 8.5.100.   Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit network access to the PITreader and PIT User Authentication Service by using a firewall, a host-based firewall or similar measures.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027Software PIT User Auth. Service 1.4.1\u0027 on to your device.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.