PPSA-2025-003
Vulnerability from csaf_pilzgmbhcokg - Published: 2025-07-01 10:00 - Updated: 2025-07-01 10:00
Summary
Pilz: Authentication Bypass in IndustrialPI Webstatus
Notes
Summary: The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.
Impact: An attacker can bypass the login to the web application, making it possible to access and maliciously change all available settings of the IndustrialPI.
Remediation: Update the webstatus package to version 2.4.6 via the 'apt' package manager. Use 'sudo apt update && sudo apt upgrade -y' to pull and install all available updates for the IndustrialPI. To check the version of the webstatus package, use 'dpkg -l | grep revpi-webstatus'. Also limit network access to the IndustrialPI by using a firewall or similar measures.
CVE-2025-41648: An unauthenticated remote attacker can bypass the login to the web application of the affected devices, making it possible to access and change all available settings of the IndustrialPI.
CVSS v3.1 base score: 9.8 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor Fix
Update the webstatus package to version 2.4.6 via the 'apt' package manager. Use 'sudo apt update && sudo apt upgrade -y' to pull and install all available updates for the IndustrialPI. To check the version of the webstatus package, use 'dpkg -l | grep revpi-webstatus'.
Mitigation
Limit network access to the IndustrialPI by using a firewall or similar measures.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.",
"title": "Summary"
},
{
"category": "description",
"text": "An attacker can bypass the login to the web application making it possible to access and maliciously change all available settings of the IndustrialPI.",
"title": "Impact"
},
{
"category": "description",
"text": "Update the webstatus package to version 2.4.6 via the \u0027apt\u0027 package manager. Use \u0027sudo apt update \u0026\u0026 sudo apt upgrade -y\u0027 to pull and install all available updates for the IndustrialPI. To check the version of the webstatus package, use \u0027dpkg -l | grep revpi-webstatus\u0027.; Limit network access to the IndustrialPI by using a firewall or similar measures.; ",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "For further security-related issues in Pilz products please contact the Pilz Product Security Incident Response Team (PSIRT)",
"url": "https://www.pilz.com/security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "PPSA-2025-003: Pilz: Authentication Bypass in IndustrialPI Webstatus - HTML",
"url": "https://certvde.com/en/advisories/PPSA-2025-003/"
},
{
"category": "self",
"summary": "PPSA-2025-003: Pilz: Authentication Bypass in IndustrialPI Webstatus - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2025/ppsa-2025-003.json"
}
],
"title": "Pilz: Authentication Bypass in IndustrialPI Webstatus",
"tracking": {
"aliases": [
"VDE-2025-039",
"PPSA-2025-003"
],
"current_release_date": "2025-07-01T10:00:00.000Z",
"generator": {
"date": "2025-06-27T08:29:49.019Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.26"
}
},
"id": "PPSA-2025-003",
"initial_release_date": "2025-07-01T10:00:00.000Z",
"revision_history": [
{
"date": "2025-07-01T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IndustrialPI 4",
"product": {
"name": "IndustrialPI 4",
"product_id": "CSAFPID-11000",
"product_identification_helper": {
"model_numbers": [
"A1000002",
"A1000003"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2024-08",
"product": {
"name": "Firmware Bullseye \u003c=2024-08",
"product_id": "CSAFPID-21000"
}
}
],
"category": "product_name",
"name": "Bullseye"
}
],
"category": "product_family",
"name": "Firmware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.6",
"product": {
"name": "IndustrialPI webstatus \u003c2.4.6",
"product_id": "CSAFPID-51000"
}
},
{
"category": "product_version",
"name": "2.4.6",
"product": {
"name": "IndustrialPI webstatus 2.4.6",
"product_id": "CSAFPID-52000"
}
}
],
"category": "product_name",
"name": "IndustrialPI webstatus"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware Bullseye \u003c=2024-08 installed on IndustrialPI 4",
"product_id": "CSAFPID-31000"
},
"product_reference": "CSAFPID-21000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "IndustrialPI webstatus \u003c2.4.6 installed on Firmware Bullseye \u003c=2024-08 installed on IndustrialPI 4",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51000",
"relates_to_product_reference": "CSAFPID-31000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "IndustrialPI webstatus 2.4.6 installed on Firmware Bullseye \u003c=2024-08 installed on IndustrialPI 4",
"product_id": "CSAFPID-32000"
},
"product_reference": "CSAFPID-52000",
"relates_to_product_reference": "CSAFPID-31000"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41648",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32000"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the webstatus package to version 2.4.6 via the \u0027apt\u0027 package manager. Use \u0027sudo apt update \u0026\u0026 sudo apt upgrade -y\u0027 to pull and install all available updates for the IndustrialPI. To check the version of the webstatus package, use \u0027dpkg -l | grep revpi-webstatus\u0027.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "mitigation",
"details": "Limit network access to the IndustrialPI by using a firewall or similar measures.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41648"
}
]
}