CRITICAL🇵🇱 Wersja polska

CVE-2024-6422

CVSS 9.8v3.1pub. 2024-07-10upd. 2024-11-21

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.

🤖 AI Analysis
How it works

The vulnerability results from the lack of an authentication mechanism (CWE-306) for the Telnet service available over the network. An attacker can connect to the device via the Telnet protocol without providing any authentication credentials. After establishing a connection, they gain the ability to execute commands, manipulate processes, and data on the device.

Impact

An unauthenticated remote attacker can stop running processes, read, delete, and modify data on the device. In practice, this means the possibility of complete takeover of control over an industrial device.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references (https://cert.vde.com/en/advisories/VDE-2024-038). Until updates are applied, it is recommended to isolate devices from untrusted networks, block access to the Telnet port at the firewall level, and restrict network access to devices only to trusted hosts.

Who is affected

Pepperl-Fuchs OIT700-F113-B12-CB, Pepperl-Fuchs OIT500-F113-B12-CB, Pepperl-Fuchs OIT200-F113-B12-CB — specific firmware versions indicated in the manufacturer's references (CERT VDE VDE-2024-038)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pepperl Fuchs Oit1500 F113 B12 Cb

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Oit1500 F113 B12 Cb Firmware

    OS
    Pepperl-Fuchs
    ≤ 2.11.0
  • Pepperl Fuchs Oit200 F113 B12 Cb

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Oit200 F113 B12 Cb Firmware

    OS
    Pepperl-Fuchs
    ≤ 2.11.0
  • Pepperl Fuchs Oit500 F113 B12 Cb

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Oit500 F113 B12 Cb Firmware

    OS
    Pepperl-Fuchs
    ≤ 2.11.0
  • Pepperl Fuchs Oit700 F113 B12 Cb

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Oit700 F113 B12 Cb Firmware

    OS
    Pepperl-Fuchs
    ≤ 2.11.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-6421HIGH7.5ten sam produkt

An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured ...

CVE-2021-34565CRITICAL9.8ten sam vendor

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded cr...

CVE-2020-12500CRITICAL9.8ten sam vendor

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...

CVE-2020-12501CRITICAL9.8ten sam vendor

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...

CVE-2020-12504CRITICAL9.8ten sam vendor

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...