CVE-2024-6421 and CVE-2024-6422: Vulnerabilities in Pepperl+Fuchs OIT
July 10, 2024
CVE-2024-6421 and CVE-2024-6422: Vulnerabilities in Pepperl+Fuchs OIT Products Allow Remote Attackers to Compromise Devices
Two recently disclosed vulnerabilities in Pepperl+Fuchs OIT industrial control devices allow unauthenticated remote attackers to compromise the affected systems. CVE-2024-6421 and CVE-2024-6422 pose significant risks to organizations using these products.
CVE-2024-6421: Sensitive Information Disclosure via Misconfigured FTP Service
CVE-2024-6421 is a vulnerability that allows an unauthenticated remote attacker to read sensitive device information through an incorrectly configured FTP service on affected Pepperl+Fuchs OIT products. The vulnerability has a CVSSv3.1 score of 7.5, indicating a high severity.
Example scenario:
An attacker discovers an FTP server associated with a Pepperl+Fuchs OIT device. They are able to connect to the FTP server without authentication and download configuration files, logs, and other sensitive information about the device. This allows the attacker to gather intelligence about the device's purpose, settings, and potentially even gain access to credentials or other sensitive data.
CVE-2024-6422: Remote Device Manipulation via Telnet
CVE-2024-6422 is a vulnerability that allows an unauthenticated remote attacker to manipulate affected Pepperl+Fuchs OIT devices via Telnet. The attacker can stop processes, read, delete and change data on the device. This vulnerability has a critical CVSSv3.1 score of 9.8.
Example scenario:
An attacker scans a network and identifies Pepperl+Fuchs OIT devices with vulnerable Telnet services. They are able to connect to the devices without authentication and execute commands to stop critical processes, read sensitive data, and potentially even delete or modify data on the devices. This allows the attacker to completely compromise the confidentiality, integrity and availability of the affected systems.
Mitigations
To mitigate these vulnerabilities, users of affected Pepperl+Fuchs OIT products should:
- Disable Telnet access to the devices if possible
- Implement strong network segmentation to limit access to the vulnerable devices
- Use firewalls or access control lists to restrict network access, allowing only trusted IP addresses
- Monitor for suspicious activities or unauthorized access attempts
- Use alternative secure remote access methods like SSH instead of Telnet if feasible
- Regularly check for and apply any security updates or patches provided by Pepperl+Fuchs
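One way to act on the access-restriction and monitoring items above, as an added example that is not part of the original advisory: the script flags flow-log records showing FTP or Telnet connections to OIT devices from sources outside a trusted management subnet. The device addresses, the trusted subnet and the CSV log layout are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions (not from the advisory): the device inventory, the trusted
# management subnet and the CSV flow-log layout are constructed for illustration.
OIT_DEVICES = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
TRUSTED_NETS = [ipaddress.ip_network("10.99.0.0/28")]
WATCHED_PORTS = {21: "FTP (CVE-2024-6421)", 23: "Telnet (CVE-2024-6422)"}

# Constructed sample flow records.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,action
2024-07-10T08:00:01Z,10.99.0.5,10.20.0.11,tcp,23,allow
2024-07-10T08:02:17Z,10.30.4.77,10.20.0.11,tcp,21,allow
2024-07-10T08:02:19Z,10.30.4.77,10.20.0.12,tcp,23,allow
2024-07-10T08:05:40Z,10.30.4.77,10.20.0.12,tcp,23,deny
2024-07-10T08:07:02Z,10.30.4.80,10.20.0.11,tcp,502,allow
2024-07-10T08:09:55Z,10.30.4.77,10.50.1.9,tcp,23,allow
"""

def is_trusted(addr):
    """True when the source address sits inside a trusted management network."""
    return any(addr in net for net in TRUSTED_NETS)

def find_exposures(flow_csv):
    """Return findings for FTP/Telnet flows to OIT devices from untrusted sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records rather than abort the run
        if row.get("proto") != "tcp" or dst not in OIT_DEVICES:
            continue
        if dport not in WATCHED_PORTS or is_trusted(src):
            continue
        # allow = the ACL let the flow through (exposure); deny = blocked attempt
        severity = "EXPOSED" if row.get("action") == "allow" else "blocked-attempt"
        findings.append((row["ts"], str(src), str(dst), WATCHED_PORTS[dport], severity))
    return findings

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

An "EXPOSED" finding means the firewall or ACL rule set still permits the service from an untrusted source and needs tightening; a "blocked-attempt" finding is a connection attempt worth investigating.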
Vendors should provide timely patches or updates to address these critical vulnerabilities in their OIT product line. Organizations using these devices should prioritize applying mitigations and updates to protect against potential compromise by remote attackers.