Security News > 2020 > October > Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices.
SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.
Learn more about vulnerabilities in industrial systems at SecurityWeek's 2020 ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
SEC Consult pointed out that the vulnerabilities are actually in firmware provided to Pepperl+Fuchs by a third party, which has not been named by SEC Consult.
The vulnerabilities were reported by SEC Consult through Germany's in April, and while Pepperl+Fuchs addressed them, it seemed until recently that the OEM would not take any action.
News URL
Related news
- Critical vulnerabilities take 4.5 months on average to remediate (source)
- Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (source)
- London hospitals left in critical condition after ransomware attack (source)
- Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks (source)