PPSA-2025-004
Vulnerability from csaf_pilzgmbhcokg - Published: 2025-10-20 10:00 - Updated: 2025-10-20 10:00Summary
Pilz: Vulnerability affecting PASvisu Runtime
Notes
Summary: The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request.
Impact: A successful attack leads to a loss of availability of the affected Pilz products. For the products to be operational again, a manual restart is required.
Mitigation: Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.
Remediation: - PASvisu: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'PASvisu 1.15.1' on to your device.
- PMIv7xxe: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image 'Firmware PMI v70Xe (visu 1.15.1) 03.01.00' on to your device.
- PMIv8xx: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download 'Firmware PMI v8 Assistant (visu 1.15.1) 2.2.2' in order to install the new verison of the firmware on to your device. ;
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.
7.5 (High)
Mitigation
Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.
Vendor Fix
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'PASvisu 1.15.1' on to your device.
Vendor Fix
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image 'Firmware PMI v70Xe (visu 1.15.1) 03.01.00' on to your device.
Vendor Fix
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download 'Firmware PMI v8 Assistant (visu 1.15.1) 2.2.2' in order to install the new verison of the firmware on to your device.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request.",
"title": "Summary"
},
{
"category": "description",
"text": "A successful attack leads to a loss of availability of the affected Pilz products. For the products to be operational again, a manual restart is required.",
"title": "Impact"
},
{
"category": "description",
"text": "Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.",
"title": "Mitigation"
},
{
"category": "description",
"text": "- PASvisu: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027PASvisu 1.15.1\u0027 on to your device.\n\n- PMIv7xxe: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image \u0027Firmware PMI v70Xe (visu 1.15.1) 03.01.00\u0027 on to your device.\n\n- PMIv8xx: Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download \u0027Firmware PMI v8 Assistant (visu 1.15.1) 2.2.2\u0027 in order to install the new verison of the firmware on to your device. ; ",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "For further security-related issues in Pilz products please contact the Pilz Product Security Incident Response Team (PSIRT)",
"url": "https://www.pilz.com/security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "PPSA-2025-004: Pilz: Vulnerability affecting PASvisu Runtime - HTML",
"url": "https://certvde.com/en/advisories/PPSA-2025-004"
},
{
"category": "self",
"summary": "PPSA-2025-004: Pilz: Vulnerability affecting PASvisu Runtime - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2025/ppsa-2025-004.json"
}
],
"title": "Pilz: Vulnerability affecting PASvisu Runtime",
"tracking": {
"aliases": [
"VDE-2025-093",
"PPSA-2025-004"
],
"current_release_date": "2025-10-20T10:00:00.000Z",
"generator": {
"date": "2025-10-20T06:32:52.941Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.35"
}
},
"id": "PPSA-2025-004",
"initial_release_date": "2025-10-20T10:00:00.000Z",
"revision_history": [
{
"date": "2025-10-20T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.15.0",
"product": {
"name": "PASvisu \u003c=1.15.0",
"product_id": "CSAFPID-51000"
}
},
{
"category": "product_version",
"name": "1.15.1",
"product": {
"name": "PASvisu 1.15.1",
"product_id": "CSAFPID-52000"
}
}
],
"category": "product_name",
"name": "PASvisu"
}
],
"category": "product_family",
"name": "Software"
},
{
"branches": [
{
"category": "product_name",
"name": "PMIv7xxe",
"product": {
"name": "PMIv7xxe",
"product_id": "CSAFPID-11000",
"product_identification_helper": {
"model_numbers": [
"266704",
"266707"
]
}
}
},
{
"category": "product_name",
"name": "PMIv8xx",
"product": {
"name": "PMIv8xx",
"product_id": "CSAFPID-12000",
"product_identification_helper": {
"model_numbers": [
"266807",
"266812",
"266815"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=03.00.00",
"product": {
"name": "Firmware PMI v70Xe \u003c=03.00.00",
"product_id": "CSAFPID-21000"
}
},
{
"category": "product_version",
"name": "03.01.00",
"product": {
"name": "Firmware PMI v70Xe 03.01.00",
"product_id": "CSAFPID-22000"
}
}
],
"category": "product_name",
"name": "Firmware PMI v70Xe"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.2.1",
"product": {
"name": "Firmware PMI v8 \u003c=2.2.1",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.2.2",
"product": {
"name": "Firmware PMI v8 2.2.2",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_name",
"name": "Firmware PMI v8"
}
],
"category": "product_name",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31003",
"CSAFPID-51000"
],
"summary": "Affected products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32003",
"CSAFPID-52000"
],
"summary": "fixed products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v70Xe \u003c=03.00.00 installed on PMIv7xxe",
"product_id": "CSAFPID-31000"
},
"product_reference": "CSAFPID-21000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu \u003c=1.15.0 installed on Firmware PMI v70Xe \u003c=03.00.00 installed on PMIv7xxe",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51000",
"relates_to_product_reference": "CSAFPID-31000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v70Xe 03.01.00 installed on PMIv7xxe",
"product_id": "CSAFPID-32000"
},
"product_reference": "CSAFPID-22000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu 1.15.1 installed on Firmware PMI v70Xe 03.01.00 installed on PMIv7xxe",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52000",
"relates_to_product_reference": "CSAFPID-32000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v8 \u003c=2.2.1 installed on PMIv8xx",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-12000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu \u003c=1.15.0 installed on Firmware PMI v8 \u003c=2.2.1 installed on PMIv8xx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-51000",
"relates_to_product_reference": "CSAFPID-31002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v8 2.2.2 installed on PMIv8xx",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-12000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu 1.15.1 installed on Firmware PMI v8 2.2.2 installed on PMIv8xx",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-52000",
"relates_to_product_reference": "CSAFPID-32002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-51495",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32003",
"CSAFPID-52000"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31003",
"CSAFPID-51000"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31003",
"CSAFPID-51000"
]
},
{
"category": "vendor_fix",
"details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027PASvisu 1.15.1\u0027 on to your device.",
"product_ids": [
"CSAFPID-51000"
]
},
{
"category": "vendor_fix",
"details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image \u0027Firmware PMI v70Xe (visu 1.15.1) 03.01.00\u0027 on to your device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download \u0027Firmware PMI v8 Assistant (visu 1.15.1) 2.2.2\u0027 in order to install the new verison of the firmware on to your device.",
"product_ids": [
"CSAFPID-31003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000",
"CSAFPID-31001",
"CSAFPID-31003"
]
}
],
"title": "CVE-2025-51495"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…