Bizerba GLx and CWx Device Firmware Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Bizerba device firmware for the GLx and CWx product families, versions prior to 16.20. An authenticated attacker can exploit this vulnerability over the network by using public FTP access to upload large amounts of data to the device's mass storage. This unregulated data transfer can completely fill the storage capacity, thereby compromising the device's availability.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition: the device becomes unavailable because the uploaded data consumes its storage.
Remediation
Users are advised to update to the latest version of the device firmware. Additionally, FTP and SFTP access should be restricted to authorized individuals, or these services should be disabled.
