Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks (Security News, October 2020)

Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices.
SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.
SEC Consult pointed out that the vulnerabilities are actually in firmware provided to Pepperl+Fuchs by a third party, which has not been named by SEC Consult.
The vulnerabilities were reported by SEC Consult through Germany's in April, and while Pepperl+Fuchs addressed them, it seemed until recently that the OEM would not take any action.