VDE-2019-002
Vulnerability from csaf_pepperlfuchsse - Published: 2019-03-06 10:35 - Updated: 2025-05-14 13:00
Summary
Pepperl+Fuchs: Path traversal in WirelessHART Gateway
Notes
Summary: Pepperl+Fuchs analyzed WirelessHART-Gateways with respect to a critical vulnerability in the firmware. By manipulating file parameters that reference files stored on the device, an attacker may gain access to those files and to restricted directories. Incoming HTTP requests using fcgi-bin/wgsetcgi and a filename parameter allow directory (path) traversal. A publicly available exploit already exists for this vulnerability.
Impact: Successful vulnerability exploitation enables remote, unauthenticated attackers to gain unauthorized access to arbitrary files on WirelessHART-Gateways. This includes applications, data, credentials and sensitive operating system files.
Remediation: Firmware that solves the problem is available (see the table below for versions).
Please contact your support representative for this particular firmware package and update the corresponding product.
| Product ID | Version | Bus-Interface of Device |
|-----------------|----------|-------------------------|
| WHA-GW-*-ETH | 03.00.08 | Modbus |
| WHA-GW-*-ETH.EIP | 02.00.01 | Ethernet/IP |
CVE-2018-16059: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
CVSS v3.0 base score: 5.3 (Medium)
Acknowledgments: CERT@VDE (certvde.com), Hamit CİBO
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Hamit C\u0130BO",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Pepperl+Fuchs analyzed WirelessHART-Gateways in respect of a critical vulnerability within the Firmware. An attacker may exploit this vulnerability to get access to files and access restricted directories that are stored on the device by manipulating file parameters that reference these. Incoming HTTP requests using fcgi-bin/wgsetcgi and a filename parameter allow a directory / path traversal. A publicly available exploit already exists for this vulnerability.",
"title": "Summary"
},
{
"category": "description",
"text": "Successful vulnerability exploitation enables remote, unauthenticated attackers to gain unauthorized access to arbitrary files on WirelessHART-Gateways. This includes applications, data, credentials and sensitive operating system files.",
"title": "Impact"
},
{
"category": "description",
"text": "A Firmware (version see table below), which solves the problem, is available. \nPlease contact your support representative for this particular firmware package and update the corresponding product.\n\n| Product ID | Version | Bus-Interface of Device |\n|-----------------|----------|-------------------------|\n| WHA-GW-*-ETH | 03.00.08 | Modbus |\n| WHA-GW-*-ETH.EIP | 02.00.01 | Ethernet/IP |",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
"url": "https://certvde.com/en/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2019-002: Pepperl+Fuchs: Path traversal in WirelessHART Gateway - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-002"
},
{
"category": "self",
"summary": "VDE-2019-002: Pepperl+Fuchs: Path traversal in WirelessHART Gateway - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-002.json"
}
],
"title": "Pepperl+Fuchs: Path traversal in WirelessHART Gateway",
"tracking": {
"aliases": [
"VDE-2019-002"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-12T13:05:18.137Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2019-002",
"initial_release_date": "2019-03-06T10:35:00.000Z",
"revision_history": [
{
"date": "2019-03-06T10:35:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added self-reference"
},
{
"date": "2025-03-12T13:00:00.000Z",
"number": "3",
"summary": "Fix: Version, Remediation"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "4",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "WHA-GW-*-ETH",
"product": {
"name": "WHA-GW-*-ETH",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "WHA-GW-*-ETH.EIP",
"product": {
"name": "WHA-GW-*-ETH.EIP",
"product_id": "CSAFPID-11002"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c03.00.08",
"product": {
"name": "Firmware \u003c03.00.08",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c02.00.01",
"product": {
"name": "Firmware \u003c02.00.01",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "03.00.08",
"product": {
"name": "Firmware 03.00.08",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "02.00.01",
"product": {
"name": "Firmware 02.00.01",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.00.08 installed on WHA-GW-*-ETH",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c02.00.01 installed on WHA-GW-*-ETH.EIP",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.00.08 installed on WHA-GW-*-ETH",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 02.00.01 installed on WHA-GW-*-ETH.EIP",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16059",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "A Firmware (version see table below), which solves the problem, is available. \nPlease contact your support representative for this particular firmware package and update the corresponding product.\n\n| Product ID | Version | Bus-Interface of Device |\n|-----------------|----------|-------------------------|\n| WHA-GW-*-ETH | 03.00.08 | Modbus |\n| WHA-GW-*-ETH.EIP | 02.00.01 | Ethernet/IP |",
"entitlements": [
"Please contact your support representative for this particular firmware package and update the corresponding product."
],
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2018-16059"
}
]
}