Sauter Modulo 6 Devices and EY-Modulo 5 Products Crash Vulnerability via Incomplete SOAP Request

A vulnerability exists in SAUTER modulo 6 devices and certain EY-Modulo 5 products, allowing an unauthenticated remote attacker to crash the wscserver by sending incomplete SOAP requests. This disruption requires a device reboot to restore functionality, as the wscserver process is not automatically restarted by a watchdog. The issue is present in SAUTER modulo 6 embedded software versions prior to 3.2.0, as well as in EY-Modulo 5 devices running versions prior to 6.0.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the wscserver process to crash and requiring a device reboot to restore normal operation.

Remediation

Users can update to SAUTER modulo 6 embedded software version 3.2.0 or newer. For EY-Modulo 5 devices, the firmware version 6.0 must be installed. This update requires CASE Suite version 5.2 SR5 or newer. Contact a local SAUTER representative for assistance.