ICSA-13-136-01  ·  Published 2025-06-06

TURCK BL20 and BL67 Programmable Gateway Hard-Coded User Accounts

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • TURCK has provided a firmware update for these products. The firmware update mitigates the vulnerability by removing the hard-coded accounts accessible by the FTP service. The firmware updates can be downloaded from the TURCK BL20 and BL67 download sites:
      • BL20 (www.turck-usa.com/Search/Documentation_Search_Results.asp?ViewID=Illustrations&Page=1&SearchIn=0&SortBy=&SortDesc=&Pattern=BL20-PG-EN-IP)
      • BL67 (www.turck-usa.com/Search/Documentation_Search_Results.asp?ViewID=Illustrations&Page=1&SearchIn=0&SortBy=&SortDesc=&Pattern=BL67-PG-EN-IP)

Affected Vendors

TURCK

Affected Products (2)

TURCK · BL20 Programmable Gateway vers:all/*
TURCK · BL67 Programmable Gateway vers:all/*
