An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
The vulnerability results from the lack of an authentication mechanism (CWE-306) for the Telnet service available over the network. An attacker can connect to the device via the Telnet protocol without providing any authentication credentials. After establishing a connection, they gain the ability to execute commands, manipulate processes, and data on the device.
An unauthenticated remote attacker can stop running processes, read, delete, and modify data on the device. In practice, this means the possibility of complete takeover of control over an industrial device.
Patches available from the manufacturer should be applied according to the references (https://cert.vde.com/en/advisories/VDE-2024-038). Until updates are applied, it is recommended to isolate devices from untrusted networks, block access to the Telnet port at the firewall level, and restrict network access to devices only to trusted hosts.
Pepperl-Fuchs OIT700-F113-B12-CB, Pepperl-Fuchs OIT500-F113-B12-CB, Pepperl-Fuchs OIT200-F113-B12-CB — specific firmware versions indicated in the manufacturer's references (CERT VDE VDE-2024-038)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPepperl Fuchs Oit1500 F113 B12 Cb
HWPepperl-Fuchswszystkie wersjePepperl Fuchs Oit1500 F113 B12 Cb Firmware
OSPepperl-Fuchs≤ 2.11.0Pepperl Fuchs Oit200 F113 B12 Cb
HWPepperl-Fuchswszystkie wersjePepperl Fuchs Oit200 F113 B12 Cb Firmware
OSPepperl-Fuchs≤ 2.11.0Pepperl Fuchs Oit500 F113 B12 Cb
HWPepperl-Fuchswszystkie wersjePepperl Fuchs Oit500 F113 B12 Cb Firmware
OSPepperl-Fuchs≤ 2.11.0Pepperl Fuchs Oit700 F113 B12 Cb
HWPepperl-Fuchswszystkie wersjePepperl Fuchs Oit700 F113 B12 Cb Firmware
OSPepperl-Fuchs≤ 2.11.0
Related vulnerabilities
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured ...
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded cr...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...