Vulnerabilities in Pepperl+Fuchs switches allow attackers to take control of the device

Dangerous vulnerabilities have been found in Pepperl+Fuchs Comtrol RocketLinx industrial switches (CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503 and CVE-2020-12504).

Exploiting some of them gives an attacker full control over the device.

The problems were discovered by security researchers from the Austrian IT company SEC Consult. In total, five vulnerabilities were discovered that can be used to access vulnerable switches, execute commands and obtain information. Three of them are critical and two are dangerous.



According to experts, exploiting the vulnerabilities requires network access to the target switch, but no permissions on the device itself. One of the critical problems allows an unauthenticated attacker to change the device configuration, including setting network parameters and uploading configuration files, firmware and bootloaders. The vulnerability can also be used to cause a denial-of-service condition, although this can be fixed by rebooting and reconfiguring the device.

Another critical vulnerability stems from the existence of several built-in accounts, although according to the vendor some of them are read-only.

“The TFTP server can be used to read all files on the system because the daemon runs as a superuser, which results in the password hash being exposed through the /etc/passwd file. However, write access is limited to certain files (configurations, certificates, bootloader, firmware upgrade). By downloading malicious Quagga configuration files, an attacker can change, for example, the device IP settings. Malicious firmware and loaders can also be downloaded,” the researchers explained.
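A defender-side check for the TFTP exposure described in the quote above, as an added example that is not from the original article or from SEC Consult: it parses TFTP request packets (RFC 1350 layout) seen on UDP/69 and flags reads outside an allowlist and writes from hosts other than a trusted management station. The allowlist, IP addresses, file names and sample packets are constructed assumptions.

```python
import struct

RRQ, WRQ = 1, 2  # TFTP read/write request opcodes (RFC 1350)

# Assumption: the only file a management station legitimately reads.
READ_ALLOWLIST = {"running-config.bak"}

# Constructed sample UDP/69 payloads: (source IP, raw TFTP packet).
SAMPLES = [
    ("192.0.2.10", b"\x00\x01/etc/passwd\x00octet\x00"),
    ("192.0.2.10", b"\x00\x02firmware.bin\x00octet\x00"),
    ("192.0.2.5", b"\x00\x02firmware.bin\x00octet\x00"),
    ("192.0.2.5", b"\x00\x01running-config.bak\x00octet\x00"),
    ("192.0.2.10", b"\x00\x03\x00\x01data"),  # DATA packet, not a request
]


def parse_request(payload: bytes):
    """Return (opcode, filename, mode) for an RRQ/WRQ packet, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (RRQ, WRQ):
        return None
    # Requests carry filename and mode, each terminated by a NUL byte.
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None
    name = fields[0].decode("ascii", "replace")
    return opcode, name, fields[1].decode("ascii", "replace").lower()


def classify(src_ip, payload, trusted_writers=frozenset()):
    """Return an alert string for a suspicious request, or None."""
    req = parse_request(payload)
    if req is None:
        return None
    opcode, filename, _mode = req
    if opcode == RRQ and filename not in READ_ALLOWLIST:
        return f"READ of non-allowlisted file {filename!r} from {src_ip}"
    if opcode == WRQ and src_ip not in trusted_writers:
        return f"WRITE of {filename!r} from untrusted host {src_ip}"
    return None


def scan(samples, trusted_writers=frozenset()):
    """Classify every packet and keep only the alerts."""
    alerts = (classify(ip, pkt, trusted_writers) for ip, pkt in samples)
    return [a for a in alerts if a]
```
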

Researchers have also identified several command injection vulnerabilities. Although exploiting them requires authentication, the lack of protection against cross-site request forgery (CSRF) allows an attacker to perform actions on behalf of an authenticated user by convincing that user to open a malicious link.



Source: securitylab


