ICSA-18-198-03  ·  Published 2018-07-17

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a man-in-the-middle attack, achieve administrator privileges, and execute remote code.

CVEs (1)

Remediations

  • PEPPERL+FUCHS HMI devices running RM Shell 4 should be updated with 'RM Image 4 Security Patches 01/2017 to 05/2018' (18-33400C).
  • PEPPERL+FUCHS HMI devices running RM Shell 5 should be updated with 'RM Image 5 Security: Windows Cumulative Security Patch 07/2018' (18-33624).
  • PEPPERL+FUCHS HMI devices running Windows 7 or Windows 10 should be updated by using the Windows Update mechanism. See Microsoft's security bulletin for more information.
  • After deploying the patch, all connected third-party clients or servers must use the latest version of the CredSSP protocol.
  • Installing these patches is important because the update enforces security by default. This default restriction might result in an error due to encryption oracle remediation. Install the updates on both the server and the HMI device; otherwise, system compatibility might be affected.
  • For more information, CERT@VDE has released a security advisory.

Affected Vendors

PEPPERL+FUCHS

Affected Products (3)

PEPPERL+FUCHS · VisuNet RM vers:all/*
PEPPERL+FUCHS · Box Thin Client BTC vers:all/*
PEPPERL+FUCHS · VisuNet PC vers:all/*

Affected Sectors

Communications, Critical Manufacturing, Information Technology
