OTPulse
FeedAboutContact

Pilz PNOZmulti Configurator

Low Risk3.3ICS-CERT ICSA-19-010-03Jan 10, 2019
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Pilz PNOZmulti Configurator versions prior to 10.9 contain a vulnerability that allows sensitive data to be read from the system. The affected functionality relates to the PMI m107 diag HMI device configuration. Pilz has discontinued the PMI m107 diag device and removed the associated function in version 10.9.

What this means
What could happen
An attacker with local access to a system running PNOZmulti Configurator could read sensitive configuration data, potentially exposing details about your safety controller setup or HMI configurations. This impact is limited to local attacks and affects only users still operating the discontinued PMI m107 diag device.
Who's at risk
This affects organizations using Pilz PNOZmulti Configurator for safety controller configuration and programming. The risk is elevated only for sites still operating the discontinued PMI m107 diag HMI device. Engineering workstations and configuration management PCs running this software are the primary systems of concern.
How it could be exploited
An attacker must have local access to the computer running PNOZmulti Configurator. They would read sensitive data from the application's data storage directory (C:\Program-Data\Pilz\PNOZmulti Configurator\AppData\pmimicroconfig) without requiring authentication or elevated privileges.
Prerequisites
  • Local access to the computer running PNOZmulti Configurator
  • User privilege level or higher on the host system
Local access required (not remotely exploitable)Requires legitimate user account accessAffects safety system configuration toolsPatch available from vendor
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
PNOZmulti Configurator: all< 10.910.9
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGIf PMI m107 diag device is still in use, secure the configuration PC and file system against unauthorized local access through access controls and endpoint hardening
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade PNOZmulti Configurator to version 10.9 or later
WORKAROUNDDelete the content of C:\Program-Data\Pilz\PNOZmulti Configurator v<version>\AppData\pmiconfigdata directory after upgrading
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/38f5b5fa-fe45-4edb-b97a-3617d011c0f1
Pilz PNOZmulti Configurator | CVSS 3.3 - OTPulse