VDE-2021-034

Vulnerability from csaf_pepperlfuchsse - Published: 2021-07-30 07:55 - Updated: 2021-07-30 07:55
Summary
Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices
Notes
Summary: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. See details on Microsoft Advisory CVE-2021-34527 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527)
Impact: An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
Remediation: Customers using Pepperl+Fuchs HMI devices out of VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines: Pepperl+Fuchs HMI devices running RM Shell 5 should install "Security Patch PrintNightmare (18-34369)" to disable the "Allow Print Spooler to accept client connections:" group policy to block remote attacks: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-34369 Pepperl+Fuchs HMI devices running a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 should use the Windows Update functionality to update the system. Customers using HMI devices based on Windows 7 or older should upgrade to a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 Version. Security updates Please check the P+F website regularly for Windows security updates and use our security update service to be informed about the latest security incidents. We will inform you as soon as Microsoft releases further security updates and measures for existing vulnerabilities. For Support please contact your local Pepperl+Fuchs sales representative.
CVE-2021-34527

Windows Print Spooler Remote Code Execution Vulnerability

8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-269 - Improper Privilege Management
Vendor Fix Customers using Pepperl+Fuchs HMI devices out of VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines: Pepperl+Fuchs HMI devices running RM Shell 5 should install "Security Patch PrintNightmare (18-34369)" to disable the "Allow Print Spooler to accept client connections:" group policy to block remote attacks: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-34369 Pepperl+Fuchs HMI devices running a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 should use the Windows Update functionality to update the system. Customers using HMI devices based on Windows 7 or older should upgrade to a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 Version. Security updates Please check the P+F website regularly for Windows security updates and use our security update service to be informed about the latest security incidents. We will inform you as soon as Microsoft releases further security updates and measures for existing vulnerabilities. For Support please contact your local Pepperl+Fuchs sales representative.
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nSee details on Microsoft Advisory CVE-2021-34527 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527)",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Customers using Pepperl+Fuchs HMI devices out of VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines:\n\nPepperl+Fuchs HMI devices running RM Shell 5 should install \"Security Patch PrintNightmare (18-34369)\" to disable the \"Allow Print Spooler to accept client connections:\" group policy to block remote attacks: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-34369\n\nPepperl+Fuchs HMI devices running a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 should use the Windows Update functionality to update the system.\n\nCustomers using HMI devices based on Windows 7 or older should upgrade to a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 Version.\n\nSecurity updates\nPlease check the P+F website regularly for Windows security updates and use our security update service to be informed about the latest security incidents. We will inform you as soon as Microsoft releases further security updates and measures for existing vulnerabilities.\n\nFor Support please contact your local Pepperl+Fuchs sales representative.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cert@pepperl-fuchs.com",
      "name": "Pepperl+Fuchs SE",
      "namespace": "https://www.pepperl-fuchs.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2021-034: Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-034/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-034: Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices - CSAF",
        "url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-034.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.pepperl-fuchs.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pepperl+Fuchs SE",
        "url": "https://certvde.com/en/advisories/vendor/pepperl-fuchs/"
      }
    ],
    "title": "Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices",
    "tracking": {
      "aliases": [
        "VDE-2021-034"
      ],
      "current_release_date": "2021-07-30T07:55:00.000Z",
      "generator": {
        "date": "2025-06-25T06:56:05.829Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.28"
        }
      },
      "id": "VDE-2021-034",
      "initial_release_date": "2021-07-30T07:55:00.000Z",
      "revision_history": [
        {
          "date": "2021-07-30T07:55:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Box Thin Client BTC* vers:all/*",
                      "product_id": "CSAFPID-11001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Box Thin Client BTC*"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "VisuNet PC* vers:all/*",
                      "product_id": "CSAFPID-11002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "VisuNet PC*"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "VisuNet RM* vers:all/*",
                      "product_id": "CSAFPID-11003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "VisuNet RM*"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          }
        ],
        "category": "vendor",
        "name": "Vendor"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-34527",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "Windows Print Spooler Remote Code Execution Vulnerability",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers using Pepperl+Fuchs HMI devices out of VisuNet RM*, VisuNet PC* or Box Thin Client BTC* product families should follow these guidelines:\n\nPepperl+Fuchs HMI devices running RM Shell 5 should install \"Security Patch PrintNightmare (18-34369)\" to disable the \"Allow Print Spooler to accept client connections:\" group policy to block remote attacks: https://www.pepperl-fuchs.com/cgi-bin/db/doci.pl/?ShowDocByDocNo=18-34369\n\nPepperl+Fuchs HMI devices running a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 should use the Windows Update functionality to update the system.\n\nCustomers using HMI devices based on Windows 7 or older should upgrade to a Windows 10 LTSB 2016 or Windows 10 LTSC 2019 Version.\n\nSecurity updates\nPlease check the P+F website regularly for Windows security updates and use our security update service to be informed about the latest security incidents. We will inform you as soon as Microsoft releases further security updates and measures for existing vulnerabilities.\n\nFor Support please contact your local Pepperl+Fuchs sales representative.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003"
          ]
        }
      ],
      "title": "CVE-2021-34527"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.