VDE-2021-007

Vulnerability from csaf_pepperlfuchsse - Published: 2021-02-16 14:53 - Updated: 2025-05-14 12:53
Summary
Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service
Notes
Summary: A critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft für Systemautomation mbH. The impact of the vulnerability on the affected device is that it can result in: denial of service, remote code execution, code exposure. For more information see the advisory by Hilscher: https://kb.hilscher.com/pages/viewpage.action?pageId=108969480
Impact: Pepperl+Fuchs analyzed and identified affected devices. Remote attackers may cause a Denial Of Service of the product.
Mitigation: An external protective measure is required. Minimize network exposure for affected products and ensure that they are not accessible via the Internet. Isolate affected products from the corporate network. If remote access is required, use secure methods such as virtual private networks (VPNs).

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

CWE-787 - Out-of-bounds Write
Mitigation: An external protective measure is required. Minimize network exposure for affected products and ensure that they are not accessible via the Internet. Isolate affected products from the corporate network. If remote access is required, use secure methods such as virtual private networks (VPNs).
Acknowledgments
CERT@VDE

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination and support with this publication"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft f\u00fcr Systemautomation mbH.\nThe impact of the vulnerability on the affected device is that it can\n\ndenial of service\nremote code execution\ncode exposure\nFor more information see advisory by Hilscher:\nhttps://kb.hilscher.com/pages/viewpage.action?pageId=108969480",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Pepperl+Fuchs analyzed and identified affected devices.\nRemote attackers may cause a cause a Denial Of Service of the product.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cert@pepperl-fuchs.com",
      "name": "Pepperl+Fuchs SE",
      "namespace": "https://www.pepperl-fuchs.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2021-007: Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2021-007/"
      },
      {
        "summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
        "url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-007: Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service - CSAF",
        "url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-007.json"
      }
    ],
    "title": "Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service",
    "tracking": {
      "aliases": [
        "VDE-2021-007"
      ],
      "current_release_date": "2025-05-14T12:53:43.000Z",
      "generator": {
        "date": "2024-11-11T09:37:16.578Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.14"
        }
      },
      "id": "VDE-2021-007",
      "initial_release_date": "2021-02-16T14:53:00.000Z",
      "revision_history": [
        {
          "date": "2021-02-16T14:53:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:53:43.000Z",
          "number": "2",
          "summary": "Fix: version space, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.10.0",
                    "product": {
                      "name": "Hardware PCV100-F200-B25-V1D-6011 \u003c=V1.10.0",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "262163"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PCV100-F200-B25-V1D-6011"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.10.0",
                    "product": {
                      "name": "Hardware PCV100-F200-B25-V1D-6011-6720 \u003c=V1.10.0",
                      "product_id": "CSAFPID-11002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "284068"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PCV100-F200-B25-V1D-6011-6720"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.10.0",
                    "product": {
                      "name": "Hardware PCV50-F200-B25-V1D \u003c=V1.10.0",
                      "product_id": "CSAFPID-11003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "262161"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PCV50-F200-B25-V1D"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.10.0",
                    "product": {
                      "name": "Hardware PCV80-F200-B25-V1D \u003c=V1.10.0",
                      "product_id": "CSAFPID-11004",
                      "product_identification_helper": {
                        "model_numbers": [
                          "262162"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PCV80-F200-B25-V1D"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.10.0",
                    "product": {
                      "name": "Hardware PXV100-F200-B25-V1D \u003c=V1.10.0",
                      "product_id": "CSAFPID-11005",
                      "product_identification_helper": {
                        "model_numbers": [
                          "293431-100004"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PXV100-F200-B25-V1D"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.10.0",
                    "product": {
                      "name": "Hardware PXV100I-F200-B25-V1D \u003c=V1.10.0",
                      "product_id": "CSAFPID-11006",
                      "product_identification_helper": {
                        "model_numbers": [
                          "293431-100010"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PXV100I-F200-B25-V1D"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510 \u003c=V1.2.1",
                      "product_id": "CSAFPID-11007",
                      "product_identification_helper": {
                        "model_numbers": [
                          "262006"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510D \u003c=V1.2.1",
                      "product_id": "CSAFPID-11008",
                      "product_identification_helper": {
                        "model_numbers": [
                          "304867"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510D"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510DH \u003c=V1.2.1",
                      "product_id": "CSAFPID-11009",
                      "product_identification_helper": {
                        "model_numbers": [
                          "304868"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510DH"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510DH-OM \u003c=V1.2.1",
                      "product_id": "CSAFPID-11010",
                      "product_identification_helper": {
                        "model_numbers": [
                          "312681"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510DH-OM"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510D-OM \u003c=V1.2.1",
                      "product_id": "CSAFPID-11011",
                      "product_identification_helper": {
                        "model_numbers": [
                          "312682"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510D-OM"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510H \u003c=V1.2.1",
                      "product_id": "CSAFPID-11012",
                      "product_identification_helper": {
                        "model_numbers": [
                          "304866"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510H"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510H-OM \u003c=V1.2.1",
                      "product_id": "CSAFPID-11013",
                      "product_identification_helper": {
                        "model_numbers": [
                          "312680"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510H-OM"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V1.2.1",
                    "product": {
                      "name": "Hardware WCS3B-LS510-OM \u003c=V1.2.1",
                      "product_id": "CSAFPID-11014",
                      "product_identification_helper": {
                        "model_numbers": [
                          "312683"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "WCS3B-LS510-OM"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          }
        ],
        "category": "vendor",
        "name": "Pepperl+Fuchs"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009",
          "CSAFPID-11010",
          "CSAFPID-11011",
          "CSAFPID-11012",
          "CSAFPID-11013",
          "CSAFPID-11014"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20987",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009",
          "CSAFPID-11010",
          "CSAFPID-11011",
          "CSAFPID-11012",
          "CSAFPID-11013",
          "CSAFPID-11014"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 8.6,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 8.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003",
            "CSAFPID-11004",
            "CSAFPID-11005",
            "CSAFPID-11006",
            "CSAFPID-11007",
            "CSAFPID-11008",
            "CSAFPID-11009",
            "CSAFPID-11010",
            "CSAFPID-11011",
            "CSAFPID-11012",
            "CSAFPID-11013",
            "CSAFPID-11014"
          ]
        }
      ],
      "title": "CVE-2021-20987"
    }
  ]
}

