
CERT@VDE, in coordination with Pepperl+Fuchs, has issued a security advisory regarding a critical vulnerability affecting various Pepperl+Fuchs Human Machine Interface (HMI) devices. The vulnerability, identified as CVE-2024-38063 and assigned a CVSS score of 9.8, could allow an unauthenticated attacker to execute arbitrary code on vulnerable devices.
The vulnerability stems from a flaw in the affected devices’ handling of IPv6 packets. An attacker could exploit this vulnerability by sending specially crafted IPv6 packets to a vulnerable device, potentially leading to remote code execution.
According to the security advisory: “An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.”
Successful exploitation of this vulnerability could allow an attacker to gain complete control over the affected device, enabling them to read confidential information, modify or delete data, and execute arbitrary code.
The impact of this vulnerability is significant, as Pepperl+Fuchs HMI devices are commonly used in industrial automation and control systems across various sectors, including manufacturing, energy, and transportation.
The following Pepperl+Fuchs HMI and VisuNet RM Shell models are vulnerable if running outdated Windows versions:
- Affected models: PC82, PC9, BTC01, RM82, RM9, RM2, RM37, PC2, PC97, PC37, BTC12, BTC14, TCU1, PCU1, BPC3200, RM-320
- Windows 10 IoT Enterprise LTSB 2016 versions below KB5041773
- Windows 10 IoT Enterprise LTSC 2019 versions below KB5041578
- Windows 10 IoT Enterprise LTSC 2021 versions below KB5041580
A complete list of affected devices is available in the official Pepperl+Fuchs advisory.
Pepperl+Fuchs has released updates to address this vulnerability. Users of affected devices are strongly urged to apply the necessary patches as soon as possible to mitigate the risk of potential attacks.
CERT@VDE and Pepperl+Fuchs recommend that users take the following actions:
- Install the latest updates: Apply the “2024-08 Cumulative Update” from Microsoft for the affected Windows versions.
- Update RM Shell devices: Install the appropriate security patch for the specific RM Shell version.
- Review network configurations: Ensure that only trusted devices have access to the HMI devices.
- Monitor network activity: Implement network monitoring to detect any suspicious activity.
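
One way to check a single device against the update list above, as an added PowerShell example that is not part of the advisory or of any Pepperl+Fuchs tooling. It picks the KB named above from the Windows build, reports whether that update is installed, and lists the adapters that have IPv6 bound. The function name and the build-number mapping are assumptions of this example.

```powershell
# Added example, not vendor code. KB numbers are the ones listed in the advisory text.
# Assumption: the keys are the base build numbers of the three Windows 10 releases,
# used here only to select the matching KB for the local machine.
$RequiredKb = @{
    14393 = 'KB5041773'   # Windows 10 IoT Enterprise LTSB 2016
    17763 = 'KB5041578'   # Windows 10 IoT Enterprise LTSC 2019
    19044 = 'KB5041580'   # Windows 10 IoT Enterprise LTSC 2021
}

function Get-HmiIPv6PatchState {   # hypothetical helper name
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    $kb    = $RequiredKb[$build]

    # Adapters that have the IPv6 protocol bound (the packet path the advisory describes).
    $ipv6Adapters = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object Enabled |
        Select-Object -ExpandProperty Name)

    # Most recently installed hotfix, to help review a machine where the KB is absent.
    $latest = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

    if (-not $kb) {
        $status = 'NotListed'    # OS release is not one of the three in the list above
    } elseif (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
        $status = 'Patched'      # the update named in the advisory is installed
    } else {
        $status = 'KbMissing'    # named update not found; review the latest hotfix
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $build
        RequiredKb   = $kb
        Status       = $status
        LatestHotFix = if ($latest) { '{0} ({1})' -f $latest.HotFixID, $latest.InstalledOn } else { 'none' }
        IPv6Adapters = $ipv6Adapters -join ', '
    }
}

Get-HmiIPv6PatchState | Format-List
```

A `KbMissing` result needs a manual look at `LatestHotFix`, because a newer cumulative update may have replaced the one named above in the installed-hotfix list.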