VDE-2024-002

Vulnerability from csaf_pilzgmbhcokg - Published: 2024-02-06 07:00 - Updated: 2024-02-06 07:00
Summary
Pilz: Multiple products affected by uC/HTTP vulnerability
Notes
Summary: The PITreader product family uses the third-party component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain full control over the system.
Impact: An unauthenticated attacker can exploit the vulnerabilities by sending specially crafted HTTP packets to the system. Depending on the vulnerability, memory content can be overwritten or corrupted. In a worst-case scenario this can be used by the attacker to execute arbitrary code on the system to gain full control over it.
Remediation: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CWE-787 - Out-of-bounds Write
Vendor Fix: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CWE-787 - Out-of-bounds Write
Vendor Fix: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CWE-787 - Out-of-bounds Write
Vendor Fix: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CWE-787 - Out-of-bounds Write
Vendor Fix: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

CWE-787 - Out-of-bounds Write
Vendor Fix: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

CWE-787 - Out-of-bounds Write
Vendor Fix: Install the fixed firmware version. Please visit the Pilz Website to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual. Limit network access to legitimate connections by using a firewall or similar measures.
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The PITreader product family is using the 3rd -party-component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain full control over the system.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An unauthenticated attacker can exploit the vulnerabilities by sending specially crafted HTTP packets to the system. Depending on the vulnerability, memory content can be overwritten or corrupted. In a worst-case scenario this can be used by the attacker to execute arbitrary code on the system to gain full control over it.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@pilz.com",
      "name": "Pilz GmbH \u0026 Co. KG",
      "namespace": "https://www.pilz.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2024-002: Pilz: Multiple products affected by uC/HTTP vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-002/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-002: Pilz: Multiple products affected by uC/HTTP vulnerability - CSAF",
        "url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-002.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.pilz.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/pilz/"
      }
    ],
    "title": "Pilz: Multiple products affected by uC/HTTP vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2024-002"
      ],
      "current_release_date": "2024-02-06T07:00:00.000Z",
      "generator": {
        "date": "2025-05-14T09:53:25.219Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "VDE-2024-002",
      "initial_release_date": "2024-02-06T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-02-06T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "PIT gb RLLE y down ETH",
                "product": {
                  "name": "PIT gb RLLE y down ETH",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "G1000021"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PIT gb RLLE y up ETH",
                "product": {
                  "name": "PIT gb RLLE y up ETH",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "G1000020"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PITreader base unit (HR 01)",
                "product": {
                  "name": "PITreader base unit (HR 01)",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "402255"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PITreader base unit (HR 02)",
                "product": {
                  "name": "PITreader base unit (HR 02)",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "402255"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PITreader card unit",
                "product": {
                  "name": "PITreader card unit",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "402320"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PITreader S base unit",
                "product": {
                  "name": "PITreader S base unit",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "402256"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PITreader S card unit",
                "product": {
                  "name": "PITreader S card unit",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "402321"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c02.02.00",
                "product": {
                  "name": "Firmware \u003c02.02.00",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c01.05.04",
                "product": {
                  "name": "Firmware \u003c01.05.04",
                  "product_id": "CSAFPID-21002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Pilz"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c02.02.00 installed on PIT gb RLLE y down ETH",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c02.02.00 installed on PIT gb RLLE y up ETH",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c01.05.04 installed on PITreader base unit (HR 01)",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c02.02.00 installed on PITreader base unit (HR 02)",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c02.02.00 installed on PITreader card unit",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c02.02.00 installed on PITreader S base unit",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c02.02.00 installed on PITreader S card unit",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-31247",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-31247"
    },
    {
      "cve": "CVE-2023-28379",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-28379"
    },
    {
      "cve": "CVE-2023-28391",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-28391"
    },
    {
      "cve": "CVE-2023-27882",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-27882"
    },
    {
      "cve": "CVE-2023-25181",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-25181"
    },
    {
      "cve": "CVE-2023-24585",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the fixed firmware version. Please visit the Pilz Website\u00a0to download the latest firmware update. Instructions about installing the firmware update can be found in the user manual.\nLimit network access to legitimate connections by using a firewall or similar measures.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-24585"
    }
  ]
}

