MidnightBSD

Advisories for pilz

CVE-2018-19009 LOW

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
pilz pnozmulti_configurator *
CVE-2019-9011

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.

Products Affected

Vendor Product Version
pilz pmc *
CVE-2020-12067

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.

Products Affected

Vendor Product Version
pilz pmc *
CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Products Affected

Vendor Product Version
wago 750-8211_firmware *
wago 762-4204/8000-001_firmware *
wago 752-8303/8000-0002_firmware *
wago 762-4201/8000-001_firmware *
wago 762-6301/8000-002_firmware *
wago 750-8215_firmware *
wago 750-8204_firmware *
wago 750-8206_firmware *
wago 750-8100_firmware *
wago 750-8202_firmware *
codesys control_for_raspberry_pi *
wago 762-4305/8000-002_firmware *
festo controller_cecc-d_firmware 2.3.8.1
codesys control_for_plcnext *
wago 750-8214_firmware *
wago 762-4303/8000-002_firmware *
codesys control_for_linux *
wago 762-4203/8000-001_firmware *
codesys v3_simulation_runtime *
wago 762-5303/8000-002_firmware *
wago 762-6303/8000-002_firmware *
wago 762-5304/8000-002_firmware *
wago 750-8210_firmware *
wago 762-5206/8000-001_firmware *
codesys control_for_beaglebone *
wago 750-8213_firmware *
wago 762-5306/8000-002_firmware *
wago 762-4302/8000-002_firmware *
wago 762-4306/8000-002_firmware *
wago 762-6304/8000-002_firmware *
festo controller_cecc-d_firmware 2.3.8.0
wago 762-5204/8000-001_firmware *
festo controller_cecc-s_firmware 2.3.8.1
codesys control_win_v3 *
wago 750-8101_firmware *
codesys control_for_empc-a/imx6 *
wago 750-8212_firmware *
festo controller_cecc-s_firmware 2.3.8.0
codesys control_for_iot2000 *
wago 762-4202/8000-001_firmware *
wago 762-4301/8000-002_firmware *
wago 762-6204/8000-001_firmware *
pilz pmc *
wago 762-6201/8000-001_firmware *
wago 762-4205/8000-001_firmware *
wago 762-5305/8000-002_firmware *
wago 762-5203/8000-001_firmware *
wago 762-6302/8000-002_firmware *
codesys control_rte_v3 *
wago 750-8217_firmware -
festo controller_cecc-lk_firmware 2.3.8.1
wago 762-6202/8000-001_firmware *
wago 750-8207_firmware *
wago 750-8102_firmware *
wago 762-4206/8000-001_firmware *
wago 750-8216_firmware *
wago 762-4304/8000-002_firmware *
wago 750-8203_firmware *
codesys control_for_pfc100 *
codesys hmi_v3 *
wago 762-4205/8000-002_firmware *
wago 762-4206/8000-002_firmware *
festo controller_cecc-lk_firmware 2.3.8.0
wago 762-6203/8000-001_firmware *
codesys control_v3_runtime_system_toolkit *
wago 762-5205/8000-001_firmware *
codesys control_for_pfc200 *
CVE-2022-40976

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Products Affected

Vendor Product Version
pliz pascal *
pilz pas_4000 *
pliz pasconnect *
pliz pasmotion *
pliz pnozmulti_configurator *
CVE-2022-40977

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.

Products Affected

Vendor Product Version
pilz pmi_v707e_firmware *
pilz pmi_v512_firmware *
pilz pmi_v704e_firmware *
pilz pasvisu *
pilz pmi_v807_firmware *
pilz pmi_v507_firmware *
pilz pmi_v812_firmware *
pilz pmi_v815_firmware *