Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices.
SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.
SEC Consult pointed out that the vulnerabilities are actually in firmware provided to Pepperl+Fuchs by a third party, which SEC Consult has not named.
The vulnerabilities were reported by SEC Consult through Germany's in April, and while Pepperl+Fuchs addressed them, it seemed until recently that the OEM would not take any action.