{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "audience": "csaf creator",
        "category": "other",
        "text": "Link to repository: [CERT@VDE CSAF Template](https://github.com/CERTVDE/CSAF-Template) © 2025 by [CERT@VDE](https://certvde.com) is licensed under [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/?ref=chooser-v1) \n\nThis document note may only be removed in order to create a CSAF advisory based on this template.",
        "title": "LICENSE"
      },
      {
        "category": "summary",
        "text": "The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "A successful attack leads to a loss of availability of the affected Pilz products. For the products to be operational again, a manual restart is required.",
        "title": "Impact"
      },
      {
        "category": "description",
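        "text": "Limit network access to the PASvisu server by using a firewall, a host-based firewall or similar measures. The vulnerability is fixed in PASvisu 1.16.0, which is also included in the firmware images Firmware PMI v70Xe 04.00.00 and Firmware PMI v8 2.3.0.",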
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@pilz.com",
      "name": "Pilz GmbH & Co. KG",
      "namespace": "https://www.pilz.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "For further security-related issues in Pilz products please contact the Pilz Product Security Incident Response Team (PSIRT)",
        "url": "https://www.pilz.com/security"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pilz GmbH & Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/pilz/"
      },
      {
        "category": "self",
        "summary": "PPSA-2026-002: Pilz: Vulnerability affecting PASvisu Runtime - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-019/"
      },
      {
        "category": "self",
        "summary": "PPSA-2026-002: Pilz: Vulnerability affecting PASvisu Runtime - CSAF",
        "url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2026/ppsa-2026-002.json"
      }
    ],
    "title": "Pilz: Vulnerability affecting PASvisu Runtime",
    "tracking": {
      "aliases": [
        "VDE-2026-019",
        "PPSA-2026-002"
      ],
      "current_release_date": "2026-04-23T12:00:00.000Z",
      "generator": {
        "date": "2026-04-23T12:38:13.854Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "PPSA-2026-002",
      "initial_release_date": "2026-04-23T12:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-23T12:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial Version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "<=1.15.1",
                    "product": {
                      "name": "PASvisu <=1.15.1",
                      "product_id": "CSAFPID-51000"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.16.0",
                    "product": {
                      "name": "PASvisu 1.16.0",
                      "product_id": "CSAFPID-52000"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PASvisu"
              }
            ],
            "category": "product_family",
            "name": "Software"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "PMIv7xxe",
                "product": {
                  "name": "PMIv7xxe",
                  "product_id": "CSAFPID-11000",
                  "product_identification_helper": {
                    "model_numbers": [
                      "266704",
                      "266707"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PMIv8xx",
                "product": {
                  "name": "PMIv8xx",
                  "product_id": "CSAFPID-12000",
                  "product_identification_helper": {
                    "model_numbers": [
                      "266807",
                      "266812",
                      "266815"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "<=03.01.00",
                    "product": {
                      "name": "Firmware PMI v70Xe <=03.01.00",
                      "product_id": "CSAFPID-21000"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "04.00.00",
                    "product": {
                      "name": "Firmware PMI v70Xe 04.00.00",
                      "product_id": "CSAFPID-22000"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Firmware PMI v70Xe"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "<=2.2.2",
                    "product": {
                      "name": "Firmware PMI v8 <=2.2.2",
                      "product_id": "CSAFPID-21001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.3.0",
                    "product": {
                      "name": "Firmware PMI v8 2.3.0",
                      "product_id": "CSAFPID-22001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Firmware PMI v8"
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Pilz"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31003",
          "CSAFPID-51000"
        ],
        "summary": "Affected products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32003",
          "CSAFPID-52000"
        ],
        "summary": "Fixed products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware PMI v70Xe <=03.01.00 installed on PMIv7xxe",
          "product_id": "CSAFPID-31000"
        },
        "product_reference": "CSAFPID-21000",
        "relates_to_product_reference": "CSAFPID-11000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "PASvisu <=1.15.1 installed on Firmware PMI v70Xe <=03.01.00 installed on PMIv7xxe",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-51000",
        "relates_to_product_reference": "CSAFPID-31000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware PMI v70Xe 04.00.00 installed on PMIv7xxe",
          "product_id": "CSAFPID-32000"
        },
        "product_reference": "CSAFPID-22000",
        "relates_to_product_reference": "CSAFPID-11000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "PASvisu 1.16.0 installed on Firmware PMI v70Xe 04.00.00 installed on PMIv7xxe",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-52000",
        "relates_to_product_reference": "CSAFPID-32000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware PMI v8 <=2.2.2 installed on PMIv8xx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-12000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "PASvisu <=1.15.1 installed on Firmware PMI v8 <=2.2.2 installed on PMIv8xx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-51000",
        "relates_to_product_reference": "CSAFPID-31002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware PMI v8 2.3.0 installed on PMIv8xx",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-12000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "PASvisu 1.16.0 installed on Firmware PMI v8 2.3.0 installed on PMIv8xx",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-52000",
        "relates_to_product_reference": "CSAFPID-32002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-25193",
      "cwe": {
        "id": "CWE-1188",
        "name": "Initialization of a Resource with an Insecure Default"
      },
      "notes": [
        {
          "category": "description",
          "text": "Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32003",
          "CSAFPID-52000"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31003",
          "CSAFPID-51000"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31003",
            "CSAFPID-51000"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'PASvisu 1.16.0' on to your device.",
          "product_ids": [
            "CSAFPID-51000"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image 'Firmware PMI v70Xe (visu 1.16.0) 04.00.00' on to your device.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download 'Firmware PMI v8 Assistant (visu 1.16.0) 2.3.0' in order to install the new version of the firmware onto your device.",
          "product_ids": [
            "CSAFPID-31003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51000",
            "CSAFPID-31001",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "CVE-2018-25193"
    }
  ]
}