Pilz: Vulnerability affecting PASvisu Runtime
Plan Patch | CVSS 7.5 | PPSA-2025-004 | Oct 20, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
PASvisu Runtime versions 1.15.0 and earlier contain an integer overflow vulnerability in a third-party web component (CWE-190) that can be exploited by a remote attacker via a malicious web request. This affects PMIv7xx and PMIv8xx series hardware controllers. The vulnerability can cause denial of service, making the visualization server unresponsive.
What this means
What could happen
An attacker could send a malicious web request to a PASvisu Runtime server, causing it to become unresponsive or crash, disrupting visualization and monitoring of your industrial processes.
Who's at risk
Operators of Pilz PASvisu visualization systems, particularly in manufacturing control and safety applications. Affected devices include PMIv7xx and PMIv8xx series hardware controllers running PASvisu Runtime versions up to 1.15.0.
How it could be exploited
An attacker with network access to the PASvisu server's web interface (typically port 80/443) sends a specially crafted HTTP request that exploits an integer overflow in a third-party component, triggering a denial-of-service condition.
Prerequisites
- Network access to PASvisu server web interface (port 80/443)
- No authentication required
- PASvisu Runtime version 1.15.0 or earlier
- Remotely exploitable
- No authentication required
- Low complexity attack
- High CVSS score (7.5)
- Affects visualization and monitoring systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| PMIv7xxe | ≤ 1.15.0 | 1.15.1 |
| PMIv8xx | ≤ 1.15.0 | 1.15.1 |
| PASvisu <=1.15.0 | ≤ 1.15.0 | 1.15.1 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the PASvisu server using a firewall or host-based firewall rules; only allow connections from authorized workstations and monitoring systems.
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
PMIv8xx
HOTFIX: Update PMIv8xx series devices to firmware with PASvisu 1.15.1 (e.g., PMI v8 Assistant visu 1.15.1 2.2.2)
All products
HOTFIX: Update PASvisu Runtime to version 1.15.1 or later
HOTFIX: Update PMIv7xx series devices to firmware with PASvisu 1.15.1 (e.g., PMI v70Xe visu 1.15.1 03.01.00)
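To plan the patch work, the affected-version table and the firmware bundle names above can be applied to an asset inventory. The following is an added example, not part of the advisory or any Pilz tooling; the inventory entries are constructed, and it assumes that a firmware bundle name carries the PASvisu version directly after "visu", as in the two bundle names quoted above.

```python
import re

FIXED = (1, 15, 1)  # first fixed PASvisu Runtime version per the advisory

# Assumption: bundle names embed the PASvisu version right after "visu"
# (optionally "visu Runtime"), e.g. "PMI v8 Assistant visu 1.15.1 2.2.2".
_VISU = re.compile(r"visu(?:\s+runtime)?\s+v?(\d+(?:\.\d+){1,3})\b", re.IGNORECASE)
_BARE = re.compile(r"^\s*v?(\d+(?:\.\d+){1,3})\s*$")


def pasvisu_version(text):
    """Return the PASvisu version as a tuple of ints, or None if unparseable."""
    m = _VISU.search(text) or _BARE.match(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "1.16" -> (1, 16, 0)
    return tuple(parts)


def triage(inventory):
    """Map asset name -> 'affected' | 'fixed' | 'unknown'."""
    result = {}
    for asset, version_text in inventory.items():
        v = pasvisu_version(version_text)
        if v is None:
            result[asset] = "unknown"  # verify on the device itself
        elif v < FIXED:                # numeric compare: 1.9.3 < 1.15.1
            result[asset] = "affected"
        else:
            result[asset] = "fixed"
    return result


# Constructed inventory (hypothetical asset names), not real data.
SAMPLE_INVENTORY = {
    "line1-hmi": "PMI v8 Assistant visu 1.15.1 2.2.2",
    "line2-hmi": "PMI v70Xe visu 1.14.2 03.00.00",
    "scada-pc": "PASvisu Runtime 1.15.0",
    "lab-pc": "1.9.3",
    "spare-hmi": "n/a",
}

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Assets reported as "unknown" should be checked on the device rather than assumed to be patched.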
CVEs (1)