Pilz IndustrialPI Web Application Authentication Bypass Vulnerability

Vulnerability

A vulnerability has been identified that allows unauthenticated remote attackers to bypass login authentication in the web application of affected IndustrialPI devices. Once past the login, an attacker can read and modify every setting exposed by the IndustrialPI application. The vulnerability affects Pilz IndustrialPI version 4 running the IndustrialPI webstatus component (package revpi-webstatus) in versions prior to 2.4.6.

Impact

Exploiting this vulnerability bypasses authentication entirely: an unauthenticated attacker with network access to the device gains access to the web application and can alter all settings of the IndustrialPI.

Remediation

Users are advised to update the revpi-webstatus package to version 2.4.6 or later using the 'apt' package manager. After updating, confirm the installed version with 'dpkg -l | grep revpi-webstatus' and make sure the version column shows 2.4.6 or higher. Additionally, it is recommended to limit network access to the IndustrialPI, and to its web application in particular, using a firewall or similar measures, so that only trusted management hosts can reach the login page.
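The two remediation steps above (verify the package version, then restrict who can reach the web application) as an added shell example. This is not Pilz or RevPi code. It assumes the fixed version is 2.4.6 as stated in this advisory, that the package uses plain dotted version numbers (an epoch such as "1:" or a Debian revision such as "-1" is stripped before comparing; "~" pre-release suffixes are not handled), and that the web application listens on TCP 80 and 443, which should be checked on the device. The `dpkg -l` lines in the block are constructed samples, not output captured from a real device.

```shell
#!/bin/sh
# Added example (not Pilz or RevPi code): check whether the installed
# revpi-webstatus package is still older than the fixed release, and
# generate an nftables ruleset that limits access to the web application.
#
# Assumptions (labelled): fixed version 2.4.6 per the advisory; plain dotted
# version numbers (epoch "1:" and Debian revision "-1" are stripped, "~"
# pre-release suffixes are not handled); web UI on TCP 80 and 443.

FIXED_VERSION="2.4.6"

# version_cmp A B: prints -1, 0 or 1 for A < B, A = B, A > B.
version_cmp() {
    a=${1#*:}; a=${a%%-*}
    b=${2#*:}; b=${b%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; if [ "$ai" = "$a" ]; then a=; else a=${a#*.}; fi
        bi=${b%%.*}; if [ "$bi" = "$b" ]; then b=; else b=${b#*.}; fi
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# webstatus_status DPKG_OUTPUT: takes the text of `dpkg -l`, finds the
# installed ("ii") revpi-webstatus line and compares its version column
# with FIXED_VERSION.
# Exit status: 0 fixed, 1 still vulnerable, 2 package not installed.
webstatus_status() {
    ver=$(printf '%s\n' "$1" |
          awk '$1 == "ii" && $2 == "revpi-webstatus" { print $3; exit }')
    if [ -z "$ver" ]; then
        echo "revpi-webstatus: not installed"
        return 2
    fi
    if [ "$(version_cmp "$ver" "$FIXED_VERSION")" -lt 0 ]; then
        echo "revpi-webstatus $ver: VULNERABLE, update to $FIXED_VERSION or later"
        return 1
    fi
    echo "revpi-webstatus $ver: fixed"
    return 0
}

# gen_web_ui_rules ALLOWED_NET: prints an nftables ruleset that drops
# traffic to the web application ports from every source except ALLOWED_NET
# and leaves all other traffic to the device untouched (policy accept).
gen_web_ui_rules() {
    cat <<EOF
table inet revpi_webui {
    chain input {
        type filter hook input priority 0; policy accept;
        iifname "lo" accept
        ct state established,related accept
        ip saddr $1 tcp dport { 80, 443 } accept
        tcp dport { 80, 443 } drop
    }
}
EOF
}

# Constructed sample `dpkg -l` lines (not captured from a real device).
SAMPLE_OLD="ii  revpi-webstatus  2.4.5  all  RevPi web status (sample)"
SAMPLE_FIXED="ii  revpi-webstatus  2.4.6-1  all  RevPi web status (sample)"
SAMPLE_MISSING="ii  some-other-package  1.0  all  unrelated package (sample)"

# On a real device run:  webstatus_status "$(dpkg -l)"
# and:  gen_web_ui_rules 10.0.0.0/24 > revpi-webui.nft && nft -f revpi-webui.nft
for s in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_MISSING"; do
    webstatus_status "$s" || :
done
```

The firewall rules deliberately keep the chain policy at accept and only drop the web UI ports, so applying them cannot lock out other device services; if the device already has an nftables configuration, merge the chain rather than loading a second input hook with a conflicting priority. The version check returns a distinct exit status for each outcome so it can be run from a fleet inventory script.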

Added: Jul 1, 2025, 8:16 AM
Updated: Jul 1, 2025, 8:16 AM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          5.0
  exploitability  7.4
  remediation     7.7
  relevance       0.2
  threat          0.0
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.