PPSA-2026-002
Vulnerability from csaf_pilzgmbhcokg - Published: 2026-04-23 12:00 - Updated: 2026-04-23 12:00
Summary
Pilz: Vulnerability affecting PASvisu Runtime
Notes
LICENSE: Link to repository: [CERT@VDE CSAF Template](https://github.com/CERTVDE/CSAF-Template) © 2025 by [CERT@VDE](https://certvde.com) is licensed under [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/?ref=chooser-v1)
This document note may only be removed in order to create a CSAF advisory based on this template.
Summary: The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.
Impact: A successful attack leads to a loss of availability of the affected Pilz products. For the products to be operational again, a manual restart is required.
Remediation: Limit network access to the PASvisu server by using a firewall, a host-based firewall or similar measures. This only reduces exposure; the fixed versions are listed under Vendor Fix below.
CVE-2018-25193: Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
CVSS v3.1 base score: 7.5 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Mitigation
Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.
Vendor Fix
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version 'PASvisu 1.16.0' onto your device.
Vendor Fix
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image 'Firmware PMI v70Xe (visu 1.16.0) 04.00.00' onto your device.
Vendor Fix
Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download 'Firmware PMI v8 Assistant (visu 1.16.0) 2.3.0' in order to install the new version of the firmware onto your device.
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"audience": "csaf creator",
"category": "other",
"text": "Link to repository: [CERT@VDE CSAF Template](https://github.com/CERTVDE/CSAF-Template) \u00a9 2025 by [CERT@VDE](https://certvde.com) is licensed under [CC BY-NC 4.0](https://creativecommons.org/licenses/by-nc/4.0/?ref=chooser-v1) \n\nThis document note may only be removed in order to create a CSAF advisory based on this template.",
"title": "LICENSE"
},
{
"category": "summary",
"text": "The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by malicious web requests.",
"title": "Summary"
},
{
"category": "description",
"text": "A successful attack leads to a loss of availability of the affected Pilz products. For the products to be operational again, a manual restart is required.",
"title": "Impact"
},
{
"category": "description",
"text": "Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.; ",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "For further security-related issues in Pilz products please contact the Pilz Product Security Incident Response Team (PSIRT)",
"url": "https://www.pilz.com/security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
},
{
"category": "self",
"summary": "PPSA-2026-002: Pilz: Vulnerability affecting PASvisu Runtime - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-019/"
},
{
"category": "self",
"summary": "PPSA-2026-002: Pilz: Vulnerability affecting PASvisu Runtime - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2026/ppsa-2026-002.json"
}
],
"title": "Pilz: Vulnerability affecting PASvisu Runtime",
"tracking": {
"aliases": [
"VDE-2026-019",
"PPSA-2026-002"
],
"current_release_date": "2026-04-23T12:00:00.000Z",
"generator": {
"date": "2026-04-23T12:38:13.854Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "PPSA-2026-002",
"initial_release_date": "2026-04-23T12:00:00.000Z",
"revision_history": [
{
"date": "2026-04-23T12:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.15.1",
"product": {
"name": "PASvisu \u003c=1.15.1",
"product_id": "CSAFPID-51000"
}
},
{
"category": "product_version",
"name": "1.16.0",
"product": {
"name": "PASvisu 1.16.0",
"product_id": "CSAFPID-52000"
}
}
],
"category": "product_name",
"name": "PASvisu"
}
],
"category": "product_family",
"name": "Software"
},
{
"branches": [
{
"category": "product_name",
"name": "PMIv7xxe",
"product": {
"name": "PMIv7xxe",
"product_id": "CSAFPID-11000",
"product_identification_helper": {
"model_numbers": [
"266704",
"266707"
]
}
}
},
{
"category": "product_name",
"name": "PMIv8xx",
"product": {
"name": "PMIv8xx",
"product_id": "CSAFPID-12000",
"product_identification_helper": {
"model_numbers": [
"266807",
"266812",
"266815"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=03.01.00",
"product": {
"name": "Firmware PMI v70Xe \u003c=03.01.00",
"product_id": "CSAFPID-21000"
}
},
{
"category": "product_version",
"name": "04.00.00",
"product": {
"name": "Firmware PMI v70Xe 04.00.00",
"product_id": "CSAFPID-22000"
}
}
],
"category": "product_name",
"name": "Firmware PMI v70Xe"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.2.2",
"product": {
"name": "Firmware PMI v8 \u003c=2.2.2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.3.0",
"product": {
"name": "Firmware PMI v8 2.3.0",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_name",
"name": "Firmware PMI v8"
}
],
"category": "product_name",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31003",
"CSAFPID-51000"
],
"summary": "Affected products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32003",
"CSAFPID-52000"
],
"summary": "fixed products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v70Xe \u003c=03.01.00 installed on PMIv7xxe",
"product_id": "CSAFPID-31000"
},
"product_reference": "CSAFPID-21000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu \u003c=1.15.1 installed on Firmware PMI v70Xe \u003c=03.01.00 installed on PMIv7xxe",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51000",
"relates_to_product_reference": "CSAFPID-31000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v70Xe 04.00.00 installed on PMIv7xxe",
"product_id": "CSAFPID-32000"
},
"product_reference": "CSAFPID-22000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu 1.16.0 installed on Firmware PMI v70Xe 04.00.00 installed on PMIv7xxe",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52000",
"relates_to_product_reference": "CSAFPID-32000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v8 \u003c=2.2.2 installed on PMIv8xx",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-12000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu \u003c=1.15.1 installed on Firmware PMI v8 \u003c=2.2.2 installed on PMIv8xx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-51000",
"relates_to_product_reference": "CSAFPID-31002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware PMI v8 2.3.0 installed on PMIv8xx",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-12000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "PASvisu 1.16.0 installed on Firmware PMI v8 2.3.0 installed on PMIv8xx",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-52000",
"relates_to_product_reference": "CSAFPID-32002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25193",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "description",
"text": "Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32003",
"CSAFPID-52000"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31003",
"CSAFPID-51000"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Limit network access to PASvisu server by using a firewall, a host-based firewall or similar measures.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31003",
"CSAFPID-51000"
]
},
{
"category": "vendor_fix",
"details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new version \u0027PASvisu 1.16.0\u0027 on to your device.",
"product_ids": [
"CSAFPID-51000"
]
},
{
"category": "vendor_fix",
"details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and install the new firmware image \u0027Firmware PMI v70Xe (visu 1.16.0) 04.00.00\u0027 on to your device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Please visit the Pilz website (https://www.pilz.com/en-INT/search) and download \u0027Firmware PMI v8 Assistant (visu 1.16.0) 2.3.0\u0027 in order to install the new verison of the firmware on to your device.",
"product_ids": [
"CSAFPID-31003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000",
"CSAFPID-31001",
"CSAFPID-31003"
]
}
],
"title": "CVE-2018-25193"
}
]
}