Festo: Several vulnerabilities in FactoryViews

Act NowCVSS 9.8FSA-202302Jul 10, 2023

Festo

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

FactoryViews versions up to 1.5.2 contain approximately 200 vulnerabilities in bundled third-party applications, including issues related to input validation, path traversal, certificate validation, command injection, SQL injection, insecure deserialization, buffer overflows, and unsafe cryptographic practices. These vulnerabilities could enable remote code execution, unauthorized access, data manipulation, or denial of service without authentication. Version 1.6.0 is a security rollup that updates all bundled applications and fixes these vulnerabilities for FactoryViews (non-Lite). FactoryViews Lite version 1.1 cannot be patched independently; users must upgrade to version 1.7.0, which unifies the product line.

What this means

What could happen

FactoryViews contains approximately 200 vulnerabilities in bundled third-party applications that could allow an unauthenticated attacker to remotely execute code, read sensitive files, or disrupt operations. This affects all instances of FactoryViews Lite version 1.1 and earlier, for which no patch will be released.

Who's at risk

Organizations using Festo FactoryViews for industrial automation, process visualization, or facility management should prioritize this. FactoryViews is commonly deployed in manufacturing plants, water treatment facilities, and utilities as a supervisory control interface. All versions prior to 1.6.0 (non-Lite) and 1.7.0 (Lite) are affected.

How it could be exploited

An attacker on the network can send a crafted request to FactoryViews without authentication. The bundled vulnerable applications process the request and execute arbitrary code, allowing the attacker to run commands on the server, read configuration files or credentials, or crash the application.

Prerequisites

Network access to FactoryViews web interface (typically port 80 or 443)
No authentication required

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)affects safety systemsno patch available for FactoryViews Lite ≤1.1 until version 1.7.0

Exploitability

Actively exploited — confirmed by CISA KEV

Metasploit module available — weaponized exploitView module ↗

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

FactoryViews <1.6.0< 1.6.01.6.0

FactoryViews Lite <=1.1≤ 1.11.6.0

Remediation & Mitigation

0/5

Do now

0/4

HOTFIXUpgrade FactoryViews (non-Lite) to version 1.6.0 or later

HOTFIXUpgrade FactoryViews Lite to version 1.7.0 or later

WORKAROUNDRestrict network access to FactoryViews to engineering workstations and authorized operator terminals only using firewall rules or network segmentation

WORKAROUNDIf unable to patch FactoryViews Lite immediately, consider disabling or isolating affected instances until upgrade to version 1.7.0 is possible

Long-term hardening

0/1

HARDENINGPlace FactoryViews on an isolated OT network segment not directly reachable from corporate IT or the internet

CVEs (173)

CVE-2021-35604 CVE-2021-37712 CVE-2021-39134 CVE-2021-37701 CVE-2021-37713 CVE-2021-39135 CVE-2021-44531 CVE-2021-44533 CVE-2021-46662 CVE-2021-46664 CVE-2021-46666 CVE-2021-46667 CVE-2021-46669 CVE-2022-1586 CVE-2016-5385 CVE-2018-12882 CVE-2018-17082 CVE-2022-21824 CVE-2018-19518 CVE-2022-23808 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9025 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27385 CVE-2022-27386 CVE-2019-11034 CVE-2019-11035 CVE-2019-11039 CVE-2019-11040 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2019-11046 CVE-2019-11047 CVE-2019-11048 CVE-2022-27458 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2020-7060 CVE-2018-14851 CVE-2022-32082 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2020-7065 CVE-2020-7066 CVE-2006-20001 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091 CVE-2020-7071 CVE-2020-28948 CVE-2020-28949 CVE-2020-36193 CVE-2021-2007 CVE-2021-2011 CVE-2022-32223 CVE-2022-35255 CVE-2022-35256 CVE-2022-36313 CVE-2022-36760 CVE-2022-37436 CVE-2021-2174 CVE-2021-2180 CVE-2021-2194 CVE-2021-2372 CVE-2021-2389 CVE-2021-3807 CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807 CVE-2023-25690 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 CVE-2021-22884 CVE-2021-22921 CVE-2021-22931 CVE-2021-22940 CVE-2021-22960 CVE-2021-27290 CVE-2021-32803 CVE-2021-32804 CVE-2021-44532 CVE-2021-46661 CVE-2021-46663 CVE-2021-46665 CVE-2021-46668 CVE-2016-3078 CVE-2022-1587 CVE-2018-14883 CVE-2022-21595 CVE-2022-23807 CVE-2018-19935 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2022-27387 CVE-2022-27444 CVE-2019-11036 CVE-2022-27445 CVE-2022-27446 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11044 CVE-2019-11045 CVE-2022-27456 CVE-2022-27457 CVE-2019-11049 CVE-2019-11050 CVE-2019-20454 CVE-2020-7059 CVE-2022-32081 CVE-2020-7061 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2022-32086 CVE-2022-32087 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-32222 CVE-2021-2022 CVE-2021-2032 CVE-2021-2144 CVE-2021-2154 CVE-2021-2166 CVE-2022-43548 CVE-2022-47015 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2021-3918 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2023-25727 CVE-2023-27522 CVE-2021-22883 CVE-2021-22918 CVE-2021-22930 CVE-2021-22939 CVE-2021-22959 CVE-2021-23362 CVE-2021-27928

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b04e5cad-75ec-4964-a2c0-20a92ac218e4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.