Pilz: Multiple products affected by uC/HTTP vulnerability

Plan PatchCVSS 9.8VDE-2024-002Feb 6, 2024

Pilz

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The PITreader product family uses the uC/HTTP third-party component for web server functionality. uC/HTTP is affected by multiple vulnerabilities (CWE-787: Out-of-bounds Write) that allow an attacker to gain full control over the system. Affected products include: PIT gb RLLE y down ETH (versions before 02.02.00), PIT gb RLLE y up ETH (versions before 02.02.00), PITreader base unit HR 01 (versions before 01.05.04), PITreader base unit HR 02 (versions before 02.02.00), PITreader card unit (versions before 02.02.00), PITreader S base unit (versions before 02.02.00), and PITreader S card unit (versions before 02.02.00).

What this means

What could happen

An attacker with network access to the web server can exploit uC/HTTP vulnerabilities to gain full control of the PITreader device, potentially allowing them to modify safety configurations, disable reader functionality, or alter RFID identification data that the system relies on.

Who's at risk

Facilities operating Pilz PITreader RFID identification systems for personnel or object detection and control in safety applications should prioritize this. Affected sectors include manufacturing plants, automotive assembly lines, and material handling operations that rely on these readers for access control or process safety interlocks.

How it could be exploited

An attacker sends a malformed HTTP request to the web server running on the PITreader device. The uC/HTTP component does not properly validate the input, allowing the attacker to execute arbitrary code or overflow buffers on the device. This gives the attacker complete command-line access to modify system settings and behavior.

Prerequisites

Network access to the web server port on the PITreader device (typically port 80 or 443)
No authentication required

remotely exploitableno authentication requiredlow complexityaffects safety systemshigh CVSS score (9.8)

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

PIT gb RLLE y down ETH<02.02.0002.02.00

PIT gb RLLE y up ETH<02.02.0002.02.00

PITreader base unit (HR 01)<01.05.0401.05.04

PITreader base unit (HR 02)<02.02.0002.02.00

PITreader card unit<02.02.0002.02.00

PITreader S base unit<02.02.0002.02.00

PITreader S card unit<02.02.0002.02.00

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to PITreader web server ports using firewall rules, allowing only legitimate workstations and PLCs that require communication

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

PIT gb RLLE y down ETH

HOTFIXUpdate PITreader devices to firmware version 02.02.00 or later (PIT gb RLLE y down ETH, PIT gb RLLE y up ETH, PITreader card unit, PITreader S card unit) or version 01.05.04 or later (PITreader base unit HR 01) or version 02.02.00 or later (PITreader base unit HR 02, PITreader S base unit)

Long-term hardening

0/1

HARDENINGIsolate PITreader devices on a separate network segment or VLAN to limit exposure if local network is compromised

CVEs (6)

CVE-2023-28379 CVE-2023-27882 CVE-2023-25181 CVE-2023-31247 CVE-2023-28391 CVE-2023-24585

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/888f65b3-646e-4359-89ed-1aa20427ff4c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.