KUNBUS GmbH Revolution Pi (Update A)

Plan PatchCVSS 10ICS-CERT ICSA-25-121-01May 1, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

KUNBUS Revolution Pi contains authentication bypass, insufficient authentication, and server-side include (SSI) injection vulnerabilities that allow attackers to bypass authentication controls, access critical functions, and execute malicious SSI within web pages. The vulnerabilities affect Revolution Pi OS Bookworm and PiCtory (web-based configuration interface) versions up to 2.11.1.

What this means

What could happen

An attacker could bypass authentication to access the Revolution Pi's web interface and execute arbitrary server-side code, potentially gaining full control of the industrial computer and any connected industrial devices on the network (I/O modules, gateways, etc.). This could allow manipulation of sensor readings, process outputs, or complete shutdown of operations.

Who's at risk

Water utilities, power distribution operators, and manufacturing plants using Revolution Pi industrial computers for process automation and sensor I/O management. The Revolution Pi is commonly deployed as an edge controller for connecting industrial sensors, motor drives, and process valves to SCADA/HMI systems. Organizations exposing these devices to untrusted networks or using them in remote/distributed sites are at highest risk.

How it could be exploited

An attacker with network access to the Revolution Pi's web interface (port 80/443 by default) can send specially crafted requests that bypass authentication controls. Once authenticated, the attacker can inject malicious server-side includes (SSI) into web pages, allowing execution of arbitrary commands on the Revolution Pi itself with the same privileges as the web service.

Prerequisites

Network access to the Revolution Pi web interface (typically port 80 or 443)
Device must be exposed to untrusted networks or accessible from the internet
No valid user credentials needed due to authentication bypass vulnerability

remotely exploitableno authentication requiredlow complexitydefault credentialsCVSS score 10 (critical)affects industrial control and automation systems

Exploitability

Some exploitation risk — EPSS score 2.4%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Revolution Pi OS Bookworm: <=01/2025≤ 01/202504/30/2025+

Revolution Pi PiCtory: <=2.11.1≤ 2.11.12.12+

Revolution Pi PiCtory: >=2.5.0|<=2.11.1≥ 2.5.0|≤ 2.11.12.12+

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDEnable authentication on the Revolution Pi web interface immediately using the provided configuration guide

HARDENINGRestrict network access to the Revolution Pi web interface to known trusted networks only using firewall rules

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Revolution Pi PiCtory to version 2.12 or later using the Cockpit management UI or manual package installation

HOTFIXUpdate Revolution Pi OS Bookworm to 04/30/2025 release or later by downloading and flashing the updated OS image

Long-term hardening

0/1

HARDENINGIsolate the Revolution Pi and all connected industrial devices from the internet and from business networks using network segmentation

CVEs (4)

CVE-2025-24522 CVE-2025-32011 CVE-2025-35996 CVE-2025-36558

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0ad173bd-cc09-4f36-b0f8-1273b487dd37

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.