VDE-2023-048
Vulnerability from csaf_pilzgmbhcokg - Published: 2023-12-05 07:00 - Updated: 2025-05-22 13:03
Summary
Pilz: Multiple products prone to libwebp vulnerability
Notes
Summary: Several Pilz products use the 3rd-party component 'libwebp' for decoding of images in WebP format. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. Depending on the affected product, the vulnerabilities can be exploited locally or over the network.
Impact: Decoding of a specially crafted image leads to a heap buffer overflow. In a worst-case scenario, a successful exploitation of the vulnerability can lead to execution of arbitrary code using the privileges of the user running the affected software. In case of PIT Transponder Manager and the PASvisu Builder, the vulnerability can only be exploited locally. Depending on the configuration of the PASvisu Runtime, a remote exploitation may be possible.
Remediation: Install the fixed product version as soon as it is available. Please visit the Pilz eShop (https://www.pilz.com/en-INT/eshop) to check for the fixed version.
PASvisu Runtime: Limit network access to legitimate connections by using a firewall or similar measures. Restrict administrative access by setting up user authentication properly.
General Countermeasures:
- Only use project and image files from trustworthy sources.
- Protect project and image files against modification by unauthorized users.
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
8.8 (High)
Vendor Fix
Install the fixed product version as soon as it is available. Please visit the Pilz eShop (https://www.pilz.com/en-INT/eshop) to check for the fixed version.
PASvisu Runtime: Limit network access to legitimate connections by using a firewall or similar measures. Restrict administrative access by setting up user authentication properly.
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several Pilz products use the 3rd-party component \u0027libwebp\u0027 for decoding of images in WebP format. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. Depending on the affected product, the vulnerabilities can be exploited locally or over the network.",
"title": "Summary"
},
{
"category": "description",
"text": "Decoding of a specially crafted image leads to a heap buffer overflow. In a worst-case scenario, a successful exploitation of the vulnerability can lead to execution of arbitrary code using the privileges of the user running the affected software. In case of PIT Transponder Manager and the PASvisu Builder, the vulnerability can only be exploited locally. Depending on the configuration of the PASvisu Runtime, a remote exploitation may be possible.",
"title": "Impact"
},
{
"category": "description",
"text": "Install the fixed product version as soon as it is available. Please visit the Pilz eShop(https://www.pilz.com/en-INT/eshop) to check for the fixed version.\nPASvisu Runtime: Limit network access to legitimate connections by using a firewall or similarmeasures. Restrict administrative access by setting up user authentication properly.",
"title": "Remediation"
},
{
"category": "general",
"text": "- Only use project and image files from trustworthy sources.\n- Protect project and image files against modification by unauthorized users.",
"title": "General Countermeasures"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-048: Pilz: Multiple products prone to libwebp vulnerability - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-048/"
},
{
"category": "self",
"summary": "VDE-2023-048: Pilz: Multiple products prone to libwebp vulnerability - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-048.json"
},
{
"category": "external",
"summary": "Pilz PSIRT",
"url": "https://www.pilz.com/en-INT/products/industrial-security/security-incident-management"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: Multiple products prone to libwebp vulnerability",
"tracking": {
"aliases": [
"VDE-2023-048"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-05-05T11:57:25.417Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2023-048",
"initial_release_date": "2023-12-05T07:00:00.000Z",
"revision_history": [
{
"date": "2023-12-05T07:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.14.1",
"product": {
"name": "PASvisu \u003c 1.14.1",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "PASvisu"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.2.0",
"product": {
"name": "PIT Transponder Manager \u003c 1.2.0",
"product_id": "CSAFPID-51002"
}
}
],
"category": "product_name",
"name": "PIT Transponder Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.0.33992",
"product": {
"name": "PMI v8xx \u003c= 2.0.33992",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"266807",
"266812",
"266815"
]
}
}
}
],
"category": "product_name",
"name": "PMI v8xx"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the fixed product version as soon as it is available. Please visit the Pilz eShop(https://www.pilz.com/en-INT/eshop) to check for the fixed version.\nPASvisu Runtime: Limit network access to legitimate connections by using a firewall or similarmeasures. Restrict administrative access by setting up user authentication properly.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003"
]
}
],
"title": "CVE-2023-4863"
}
]
}