ICSA-25-121-01  ·  Published 2025-07-10

KUNBUS GmbH Revolution Pi (Update A)

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow attackers to bypass authentication, gain unauthorized access to critical functions, and execute malicious server-side includes (SSI) within a web page.

Remediations

KUNBUS has identified the following specific mitigations that users can apply to reduce risk:

  • Update PiCtory package to version 2.12
  • The preferred method for updating to version 2.12 is through KUNBUS's management UI, Cockpit. However, users can also download the update package here.
  • KUNBUS released a new image for Revolution Pi OS Bookworm on 04/30/2025. Users can download the updated image here.
  • By the end of April 2025, KUNBUS plans to release a new Cockpit plugin that helps users make configurations through a graphical interface. In the meantime, it is recommended that users activate authentication. Please refer to this guide for help with activating authentication.

Affected Vendors

KUNBUS

Affected Products (3)

KUNBUS · Revolution Pi OS Bookworm <=01/2025
KUNBUS · Revolution Pi PiCtory >=2.5.0|<=2.11.1
KUNBUS · Revolution Pi PiCtory <=2.11.1

Affected Sectors

Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater Systems
