PEPPERL+FUCHS Reports WirelessHART Gateway Hole

Thursday, March 14, 2019 @ 08:03 PM gHale

PEPPERL+FUCHS suggests users should upgrade to new firmware to mitigate a path traversal vulnerability in WirelessHART Gateways, according to a report with NCCIC.

Successful exploitation of this vulnerability, self-reported by PEPPERL+FUCHS , could allow access to files and restricted directories stored on the device through the manipulation of file parameters.

RELATED STORIES
Security Update for Gemalto’s Sentinel UltraPro
LCDS Updates SCADA Software
Siemens Mitigates SCALANCE Hole
Update to WibuKey Digital Rights Management Holes

PEPPERL+FUCHS said all WHA-GW-* products suffer from the remotely exploitable vulnerability. Public exploits are available.

A path traversal vulnerability has been identified, which may allow unauthorized disclosure of information.

CVE-2018-16059 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use mainly in the critical manufacturing and information technology sectors. It also sees action on a global basis.

Attackers with low skill level could leverage the vulnerability.

Germany-based PEPPERL+FUCHS reports affected users with WHA-GW-*-ETH devices should upgrade to firmware Version 03.00.08. Affected users with WHA-GW-*-ETH.EIP devices should upgrade to firmware Version 02.00.01.

For more information, see the advisory CERT@VDE wrote for PEPPERL+FUCHS.



Leave a Reply

You must be logged in to post a comment.