Pilz: Vulnerability in PASvisu and PMI v8xx
Plan Patch · 8.1 · VDE-2023-050 · Jan 30, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple Pilz products are affected by stored cross-site-scripting (XSS) vulnerabilities in project files. When a malicious project file is opened in PASvisu or loaded onto a PMI v8xx panel, injected script code executes, potentially enabling an attacker to gain control over the visualization system and the data displayed to operators. Affected products: PASvisu versions prior to 1.14.1 and PMI v8xx hardware with firmware versions 2.0.33992 and earlier.
What this means
What could happen
An attacker who can inject malicious code into a Pilz project file could execute arbitrary commands when the file is opened in PASvisu or displayed on a PMI v8xx panel, potentially compromising the visualization system and allowing manipulation of displayed data or process information.
Who's at risk
Water utilities and electric utilities using Pilz visualization and safety control systems should care about this vulnerability. It affects PASvisu engineering software and PMI v8xx operator interface panels used in HMI (human-machine interface) applications for monitoring and controlling industrial processes.
How it could be exploited
An attacker creates a malicious project file containing a stored XSS payload and tricks an authorized user into opening it in PASvisu or importing it to a PMI v8xx panel. When the compromised file is loaded, the injected script executes with the privileges of the user or system, allowing the attacker to manipulate the displayed HMI interface, alter process parameters shown to operators, or escalate access to connected control systems.
Prerequisites
- Ability to create or modify a Pilz project file (.zip or similar format)
- An authorized user must open the malicious project file in PASvisu or load it onto a PMI v8xx device
- Network access to PASvisu Runtime if attacking via the network interface
- Stored XSS in critical visualization layer
- Requires trusted file source: insider threat or supply chain attack vector
- No patch currently available for either affected product
- Could allow HMI data manipulation visible to operators
Affected products (2)
1 with fix, 1 EOL

| Product | Type | Affected Versions | Fix Status |
|---|---|---|---|
| PMI v8xx | Hardware | ≤ 2.0.33992 | No fix (EOL) |
| PASvisu | Software | <1.14.1 | 1.14.1 or later |
Remediation & Mitigation
Do now
- HARDENING: Only use Pilz project files from trusted sources that you control or have verified
- HARDENING: Restrict file access to PASvisu project files; ensure only authorized engineering staff can create, modify, or upload project files
- WORKAROUND: Implement firewall rules to limit network access to PASvisu Runtime to only legitimate engineering workstations and control systems
- WORKAROUND: Enable password protection on PASvisu online projects if available in your configuration
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Monitor the Pilz eShop and your PASvisu/PMI v8xx admin console for firmware or software updates; apply patches immediately when available
CVEs (2)