PEPPERL+FUCHS recommends that users upgrade to new firmware to mitigate a path traversal vulnerability in WirelessHART Gateways, according to a report with NCCIC.
Successful exploitation of this vulnerability, self-reported by PEPPERL+FUCHS, could allow access to files and restricted directories stored on the device through the manipulation of file parameters.
PEPPERL+FUCHS said all WHA-GW-* products suffer from the remotely exploitable vulnerability. Public exploits are available.
A path traversal vulnerability has been identified, which may allow unauthorized disclosure of information.
CVE-2018-16059 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.
The product sees use mainly in the critical manufacturing and information technology sectors, and it is deployed globally.
An attacker with a low skill level could leverage the vulnerability.
Germany-based PEPPERL+FUCHS reports affected users with WHA-GW-*-ETH devices should upgrade to firmware Version 03.00.08. Affected users with WHA-GW-*-ETH.EIP devices should upgrade to firmware Version 02.00.01.
For more information, see the advisory CERT@VDE wrote for PEPPERL+FUCHS.
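To find gateways that still need the update, an asset inventory can be checked against the two fixed firmware versions named above. The following is an added example, not code from PEPPERL+FUCHS or CERT@VDE; the inventory entries and model names are constructed, and it assumes any firmware version lower than the fixed one for that variant needs the upgrade.

```python
import re

# Fixed firmware versions as stated in the advisory text above.
FIXED = {
    "ETH.EIP": (2, 0, 1),  # WHA-GW-*-ETH.EIP -> 02.00.01
    "ETH": (3, 0, 8),      # WHA-GW-*-ETH     -> 03.00.08
}
# The .EIP variant is listed first so it is not mistaken for plain -ETH.
MODEL_RE = re.compile(r"^WHA-GW-.+-(ETH\.EIP|ETH)$", re.IGNORECASE)

def parse_version(text):
    """'03.00.08' -> (3, 0, 8); None if the string is not dotted decimal."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(model, firmware):
    """Return 'patched', 'upgrade' or 'review' for one inventory entry."""
    m = MODEL_RE.match(model.strip())
    if not m:
        return "review"  # variant with no fixed version given in the text
    fixed = FIXED[m.group(1).upper()]
    current = parse_version(firmware)
    if current is None:
        return "review"  # unreadable firmware string: check the device by hand
    current += (0,) * (len(fixed) - len(current))  # '3.0' compares as 3.0.0
    return "patched" if current >= fixed else "upgrade"

# Constructed sample inventory (model names are placeholders, not real parts).
INVENTORY = [
    ("WHA-GW-SAMPLE-ETH", "03.00.07"),
    ("WHA-GW-SAMPLE-ETH", "03.00.08"),
    ("WHA-GW-SAMPLE-ETH.EIP", "02.00.00"),
    ("WHA-GW-SAMPLE-ETH.EIP", "02.00.01"),
    ("WHA-GW-SAMPLE-ETH", "unknown"),
]

def report(inventory):
    return [(model, fw, assess(model, fw)) for model, fw in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row, sep="\t")
```

Entries marked `review` are those whose model or firmware string could not be matched to one of the two variants and should be checked by hand.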