VDE-2020-017
Vulnerability from csaf_pepperlfuchsse - Published: 2020-05-29 10:00 - Updated: 2025-05-22 13:03Summary
Pepperl+Fuchs, PACTware: Two password vulnerabilities found
Notes
Summary: PACTware passwords are stored in a recoverable format (CVE-2020-9403)
PACTware passwords may be modified without knowing the current password (CVE-2020-9404)
Impact: PACTware supports 'user roles', which limit user access according to FDT Guide- lines. By default, no passwords are set and the default user has the user role 'admin' with no limitations.
If the user enables role access control, each role may be protected with an indi- vidual password.
These settings could be changed by a local user without any verification. This means a local user may modify role enablement, and role passwords, without authenticating first. (CVE-2020-9404)
The settings can be read by a local user with no verification. It is possible to recover passwords for the roles, if passwords were previously set. (CVE-2020-9403)
If the user has not enabled individual roles, an attacker may enable the roles and assign passwords to them. This could block legitimate users from using the software.
Remediation: PACTware will protect the manipulation of stored passwords by using a salted mechanism of password encryption with an additional SHA256 hash. (CVE-2020-9403)
Any further changes in 'user role'-administration will need a confirmation by using the current login password. (CVE-2020-9404)
This will be fixed in following versions (and higher):
* PACTware 5.0.5.31
* PACTware 4.1 SP6
Overview about version history: https://pactware.com/de/service
You can protect yourself against manipulation by restricting the access to the PC where PACTware is installed.
In case of not known passwords it can be reset by reinstallation of PACTware (all PACTware versions).
PACTware passwords may be modified without knowing the current password
7.1 (High)
Vendor Fix
Any further changes in 'user role'-administration will need a confirmation by using the current login password.
This will be fixed in following versions (and higher):
PACTware 5.0.5.31
PACTware 4.1 SP6
Overview about version history: https://pactware.com/de/service
You can protect yourself against manipulation by restricting the access to the PC where PACTware is installed.
In case of not known passwords it can be reset by reinstallation of PACTware (all PACTware versions).
PACTware passwords are stored in a recoverable format
5.5 (Medium)
Vendor Fix
PACTware will protect the manipulation of stored passwords by using a salted mechanism of password encryption with an additional SHA256 hash.
This will be fixed in following versions (and higher):
* PACTware 5.0.5.31
* PACTware 4.1 SP6
Overview about version history: https://pactware.com/de/service
You can protect yourself against manipulation by restricting the access to the PC where PACTware is installed.
In case of not known passwords it can be reset by reinstallation of PACTware (all PACTware versions).
References
Acknowledgments
CERT@VDE and BSI
Dragos, Inc.
Reid Wightman
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE and BSI",
"summary": "coordination"
},
{
"names": [
"Reid Wightman"
],
"organization": "Dragos, Inc.",
"summary": "discovered"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "PACTware passwords are stored in a recoverable format (CVE-2020-9403)\n\nPACTware passwords may be modified without knowing the current password (CVE-2020-9404)",
"title": "Summary"
},
{
"category": "description",
"text": "PACTware supports \u0027user roles\u0027, which limit user access according to FDT Guide- lines. By default, no passwords are set and the default user has the user role \u0027admin\u0027 with no limitations.\nIf the user enables role access control, each role may be protected with an indi- vidual password.\nThese settings could be changed by a local user without any verification. This means a local user may modify role enablement, and role passwords, without authenticating first. (CVE-2020-9404)\nThe settings can be read by a local user with no verification. It is possible to recover passwords for the roles, if passwords were previously set. (CVE-2020-9403)\nIf the user has not enabled individual roles, an attacker may enable the roles and assign passwords to them. This could block legitimate users from using the software.",
"title": "Impact"
},
{
"category": "description",
"text": "PACTware will protect the manipulation of stored passwords by using a salted mechanism of password encryption with an additional SHA256 hash. (CVE-2020-9403)\nAny further changes in \u0027user role\u0027-administration will need a confirmation by using the current login password. (CVE-2020-9404)\n\nThis will be fixed in following versions (and higher):\n\n* PACTware 5.0.5.31\n* PACTware 4.1 SP6\n\nOverview about version history: https://pactware.com/de/service\nYou can protect yourself against manipulation by restricting the access to the PC where PACTware is installed.\nIn case of not known passwords it can be reset by reinstallation of PACTware (all PACTware versions).",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "Pepperl+Fuchs SE PSIRT description",
"url": "https://www.pepperl-fuchs.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://certvde.com/en/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2020-017: Pepperl+Fuchs, PACTware: Two password vulnerabilities found - HTML",
"url": "https://certvde.com/en/advisories/VDE-2020-017/"
},
{
"category": "self",
"summary": "VDE-2020-017: Pepperl+Fuchs, PACTware: Two password vulnerabilities found - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-017.json"
}
],
"title": "Pepperl+Fuchs, PACTware: Two password vulnerabilities found",
"tracking": {
"aliases": [
"VDE-2020-017"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2024-10-24T08:37:20.325Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.13"
}
},
"id": "VDE-2020-017",
"initial_release_date": "2020-05-29T10:00:00.000Z",
"revision_history": [
{
"date": "2020-05-29T10:00:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: version space, added distribution, quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "PACTware",
"product": {
"name": "PACTware",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=5.0.4xx",
"product": {
"name": "Firmware \u003c=5.0.4xx",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.1 SP5",
"product": {
"name": "Firmware \u003c=4.1 SP5",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=3.x",
"product": {
"name": "Firmware \u003c=3.x",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=2.4",
"product": {
"name": "Firmware \u003c=2.4",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "5.0.5.31",
"product": {
"name": "Firmware 5.0.5.31",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "4.1 SP6",
"product": {
"name": "Firmware 4.1 SP6",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs SE"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected Products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed Products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=5.0.4xx installed on PACTware",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=4.1 SP5 installed on PACTware",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=3.x installed on PACTware",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.4 installed on PACTware",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 5.0.5.31 installed on PACTware",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.1 SP6 installed on PACTware",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-9404",
"cwe": {
"id": "CWE-620",
"name": "Unverified Password Change"
},
"notes": [
{
"category": "description",
"text": "PACTware passwords may be modified without knowing the current password",
"title": "Vulnerability Description "
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Any further changes in \u0027user role\u0027-administration will need a confirmation by using the current login password.\n\nThis will be fixed in following versions (and higher):\n\nPACTware 5.0.5.31\nPACTware 4.1 SP6\nOverview about version history: https://pactware.com/de/service\nYou can protect yourself against manipulation by restricting the access to the PC where PACTware is installed.\nIn case of not known passwords it can be reset by reinstallation of PACTware (all PACTware versions).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-9404"
},
{
"cve": "CVE-2020-9403",
"cwe": {
"id": "CWE-257",
"name": "Storing Passwords in a Recoverable Format"
},
"notes": [
{
"category": "description",
"text": "PACTware passwords are stored in a recoverable format",
"title": "Vulnerability Description "
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PACTware will protect the manipulation of stored passwords by using a salted mechanism of password encryption with an additional SHA256 hash.\nThis will be fixed in following versions (and higher):\n\n* PACTware 5.0.5.31\n* PACTware 4.1 SP6\n\nOverview about version history: https://pactware.com/de/service\nYou can protect yourself against manipulation by restricting the access to the PC where PACTware is installed.\nIn case of not known passwords it can be reset by reinstallation of PACTware (all PACTware versions).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2020-9403"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…