ICSA-19-036-05 · Published 2019-02-28 · View on CISA ICS-CERT ↗

Kunbus PR100088 Modbus Gateway (Update B)

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and/or cause a denial-of-service condition.

CVE-2019-6527 CVE-2019-6533 CVE-2019-6529 CVE-2019-6531 CVE-2019-6549

Update to Version R03: the updated file can be downloaded from here (Install instructions can be found in the readme file included in the download): https://www.kunbus.de/sicherheitshinweise/update-ii-sicherheitshinweis-f%C3%BCr-gateway-modul-modbus-tcp-slave-art-nr-100088.html?file=files/media/bugfixes/SU_100088_R03.zip
These devices are not intended to be used in a public network. Rather, these devices are intended for use in an industrial environment with a protected network architecture.

Kunbus

Kunbus · PR100088 Modbus gateway < R02 (or Software Version 1.1.13166)

Communications

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.