VDE-2024-065

Vulnerability from csaf_pepperlfuchsse - Published: 2024-11-26 11:00 - Updated: 2025-05-14 12:28
Summary
PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key
Severity
Medium
Notes
Summary: A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered in several Pepperl+Fuchs devices.
Impact: An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.
Mitigation: Protect the device from unauthorized physical access.
Remediation: Install the appropriate updates from the Pepperl+Fuchs Homepage:
* 18-34761B (BIOS 1.01) for BTC22-*
* 18-35033B (BIOS 1.01) for BTC24-*
* 18-34132C (BIOS 1.02) for RM-320*
* 18-34132C / 18-34133E (BIOS 1.02) for PC320*

A vulnerability related to the use of an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.

CWE-1394 - Use of Default Cryptographic Key
Mitigation: Protect the device from unauthorized physical access.
Vendor Fix: Install the appropriate updates from the Pepperl+Fuchs Homepage:
* 18-34761B (BIOS 1.01) for BTC22-*
* 18-35033B (BIOS 1.01) for BTC24-*
* 18-34132C (BIOS 1.02) for RM-320*
* 18-34132C / 18-34133E (BIOS 1.02) for PC320*
https://www.pepperl-fuchs.com/germany/de/classid_…
Acknowledgments

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "Pepperl+Fuchs SE",
        "summary": "reporting",
        "urls": [
          "https://www.pepperl-fuchs.com/cybersecurity"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/calculator/3.1",
      "text": "medium\n"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered in several Pepperl+Fuchs devices.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Protect the device from unauthorized physical access.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Install the appropiate updates from the Pepperl+Fuchs Homepage:\n* 18-34761B (BIOS 1.01) for BTC22-*\n* 18-35033B (BIOS 1.01) for BTC24-*\n* 18-34132C (BIOS 1.02) for RM-320*\n* 18-34132C / 18-34133E (BIOS 1.02) for PC320*",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cert@pepperl-fuchs.com",
      "name": "Pepperl+Fuchs SE",
      "namespace": "https://www.pepperl-fuchs.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Pepperl+Fuchs PSIRT",
        "url": "https://pepperl-fuchs.com/cybersecurity"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
        "url": "https://certvde.com/en/advisories/vendor/pepperl+fuchs/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-065: PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key  - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-065"
      },
      {
        "category": "self",
        "summary": "VDE-2024-065: PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key  - CSAF",
        "url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-065.json"
      }
    ],
    "title": "PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key ",
    "tracking": {
      "aliases": [
        "VDE-2024-065"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2024-11-21T10:28:19.832Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.13"
        }
      },
      "id": "VDE-2024-065",
      "initial_release_date": "2024-11-26T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-11-26T11:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: version space"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "BTC22-NA-1BAJ-NN0",
                    "product": {
                      "name": "BTC22-NA-1BAJ-NN0",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "70179516 "
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "BTC22-NA-1BA1-NN0",
                    "product": {
                      "name": "BTC22-NA-1BA1-NN0",
                      "product_id": "CSAFPID-11002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "70170119"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "BTC22-*"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "BTC24-NA-1AAJ-NN0 ",
                    "product": {
                      "name": "BTC24-NA-1AAJ-NN0 ",
                      "product_id": "CSAFPID-11005",
                      "product_identification_helper": {
                        "model_numbers": [
                          "70179517"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "BTC24-NA-1AA1-NN0 ",
                    "product": {
                      "name": "BTC24-NA-1AA1-NN0 ",
                      "product_id": "CSAFPID-11006",
                      "product_identification_helper": {
                        "model_numbers": [
                          "70173575"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "BTC24-*"
              },
              {
                "category": "product_family",
                "name": "RM-320* ",
                "product": {
                  "name": "RM-320* ",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "70124565"
                    ]
                  }
                }
              },
              {
                "category": "product_family",
                "name": "PC-320* ",
                "product": {
                  "name": "PC-320* ",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "70124565"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.01",
                    "product": {
                      "name": "BIOS \u003c1.01",
                      "product_id": "CSAFPID-21000"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.01",
                    "product": {
                      "name": "BIOS 1.01",
                      "product_id": "CSAFPID-22000"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.02",
                    "product": {
                      "name": "BIOS 1.02",
                      "product_id": "CSAFPID-22001"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.02",
                    "product": {
                      "name": "BIOS \u003c1.02",
                      "product_id": "CSAFPID-21001"
                    }
                  }
                ],
                "category": "product_family",
                "name": "BIOS"
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "PEPPERL+FUCHS"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS \u003c1.01 installed on BTC22-NA-1BAJ-NN0",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21000",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS \u003c1.01 installed on BTC22-NA-1BA1-NN0",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21000",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS \u003c1.01 installed on BTC24-NA-1AAJ-NN0 ",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21000",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS \u003c1.01 installed on BTC24-NA-1AA1-NN0 ",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21000",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS \u003c1.02 installed on RM-320* ",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS \u003c1.02 installed on PC-320* ",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS 1.01 installed on BTC22-NA-1BAJ-NN0",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22000",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS 1.01 installed on BTC22-NA-1BA1-NN0",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22000",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS 1.01 installed on BTC24-NA-1AAJ-NN0 ",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22000",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS 1.01 installed on BTC24-NA-1AA1-NN0 ",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22000",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS 1.02 installed on RM-320* ",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "BIOS 1.02 installed on PC-320* ",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8105",
      "cwe": {
        "id": "CWE-1394",
        "name": "Use of Default Cryptographic Key"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.",
          "title": "Vulnerability Description"
        },
        {
          "audience": "operational management and system administrators",
          "category": "details",
          "text": "PKfail is the result of device vendors using as Platform Key a default test key provided by AMI. Since these keys were generated for testing purposes and thus likely supplied as part of AMI UEFI solution, they should be assumed untrusted and compromised. In particular, we identified the private part of a Platform Key in a recent data breach that affected an ODM working with AMI. Owning this private key makes it extremely straightforward to manipulate the content of db and dbx. Since these databases are used by UEFI firmware to determine whether third-party UEFI modules and bootloaders are allowed to execute or must be forbidden, an attacker leveraging PKfail can easily run malicious code during the boot process even on devices where Secure Boot is enabled.",
          "title": "Vulnerability characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Protect the device from unauthorized physical access.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2024-10-31T11:00:00.000Z",
          "details": "Install the appropiate updates from the Pepperl+Fuchs Homepage:\n* 18-34761B (BIOS 1.01) for BTC22-*\n* 18-35033B (BIOS 1.01) for BTC24-*\n* 18-34132C (BIOS 1.02) for RM-320*\n* 18-34132C / 18-34133E (BIOS 1.02) for PC320*",
          "group_ids": [
            "CSAFGID-0001"
          ],
          "url": "https://www.pepperl-fuchs.com/germany/de/classid_4098.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.4,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 6.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2024-8105"
    }
  ]
}

