Pilz: Authentication Bypass in IndustrialPI Webstatus

Priority: Act Now
Severity score: 9.8
Advisory ID: PPSA-2025-003
Published: Jul 1, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Pilz IndustrialPI 4 webstatus application contains an authentication bypass vulnerability that allows unauthenticated network access to bypass login controls, potentially exposing the web interface to unauthorized users.

What this means
What could happen
An attacker on your network could access the IndustrialPI webstatus interface without credentials, potentially viewing sensitive process data or making unauthorized changes to equipment configuration.
Who's at risk
Manufacturing facilities and industrial operations using Pilz IndustrialPI 4 systems for process monitoring and control should prioritize this update. This is particularly critical for organizations where the webstatus interface is exposed to untrusted networks or used for remote monitoring of production equipment.
How it could be exploited
An attacker with network access to the IndustrialPI would connect to the webstatus application port and bypass the authentication mechanism due to insufficient login verification. No valid credentials would be required to gain access to the web interface.
Prerequisites
  • Network access to the IndustrialPI webstatus port (typically port 80/443)
  • IndustrialPI 4 running version prior to 2.4.6
Tags: remotely exploitable; no authentication required; low complexity; affects critical industrial PC with process visibility
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product        | Affected Versions | Fix Status
IndustrialPI 4 | < 2.4.6           | 2.4.6
Remediation & Mitigation
Do now
Workaround: Restrict network access to the IndustrialPI using firewall rules, limiting which networks or machines can reach the webstatus port.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update the IndustrialPI webstatus package to version 2.4.6 or later using 'sudo apt update && sudo apt upgrade -y'.
Hotfix: Verify the webstatus package version with 'dpkg -l | grep revpi-webstatus' to confirm the update was applied.
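A script that turns the verification step above into a pass/fail check, as an added example that is not from Pilz or the advisory: it reads the revpi-webstatus line from 'dpkg -l' output and reports whether the installed version is still below the fixed 2.4.6 release. The package name comes from the advisory; the sample 'dpkg -l' output is constructed so the script also runs offline.

```shell
#!/bin/sh
# Added example: decide whether the installed revpi-webstatus package still
# predates the fixed release 2.4.6. Not part of the Pilz advisory or product.
FIXED_VERSION="2.4.6"

# version_lt A B: succeed (exit 0) when dotted version A is strictly below B.
# Debian revisions ("2.4.5-1") and suffixes ("6~rc1") are ignored; a missing
# component counts as 0, so "2.4" < "2.4.6".
version_lt() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}
        ca=${ca%%[!0-9]*}; cb=${cb%%[!0-9]*}
        [ "${ca:-0}" -lt "${cb:-0}" ] && return 0
        [ "${ca:-0}" -gt "${cb:-0}" ] && return 1
        case $a in *.*) a=${a#*.};; *) a="";; esac
        case $b in *.*) b=${b#*.};; *) b="";; esac
    done
    return 1
}

# installed_webstatus_version DPKG_OUTPUT: print the Version column of the
# installed ("ii") revpi-webstatus line from `dpkg -l` output, else nothing.
installed_webstatus_version() {
    printf '%s\n' "$1" | awk '$1 == "ii" && $2 ~ /^revpi-webstatus(:|$)/ { print $3; exit }'
}

# webstatus_status VERSION: print "vulnerable", "fixed" or "not-installed".
webstatus_status() {
    if [ -z "$1" ]; then echo "not-installed"
    elif version_lt "$1" "$FIXED_VERSION"; then echo "vulnerable"
    else echo "fixed"
    fi
}

# Constructed sample of `dpkg -l` output for offline use (not real device output).
SAMPLE_DPKG_OUTPUT='||/ Name              Version   Architecture Description
+++-=================-=========-============-=============================
ii  revpi-webstatus   2.4.5-1   all          IndustrialPI web status page'

# Use the live package database when dpkg exists, otherwise the sample above.
if command -v dpkg >/dev/null 2>&1; then
    dpkg_out=$(dpkg -l 2>/dev/null || true)
else
    dpkg_out="$SAMPLE_DPKG_OUTPUT"
fi
echo "revpi-webstatus: $(webstatus_status "$(installed_webstatus_version "$dpkg_out")")"
```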