Security News > 2020 > October > Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices.
SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.
Learn more about vulnerabilities in industrial systems at SecurityWeek's 2020 ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
SEC Consult pointed out that the vulnerabilities are actually in firmware provided to Pepperl+Fuchs by a third party, which has not been named by SEC Consult.
The vulnerabilities were reported by SEC Consult through Germany's in April, and while Pepperl+Fuchs addressed them, it seemed until recently that the OEM would not take any action.
News URL
Related news
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)