PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client (ICSA-18-198-03)

The NCCIC has released an advisory on an improper authentication vulnerability in PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client. All models of these products are affected. Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a man-in-the-middle attack, achieve administrator privileges, and execute remote code. PEPPRL+FUCHS recommends users follow guidelines it has posted about addressing the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.