CVE-2018-19009 in PNOZmulti Configurator

Summary

by MITRE

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.


Analysis

by VulDB Data Team • 05/06/2020

The vulnerability identified as CVE-2018-19009 represents a critical security flaw in Pilz PNOZmulti Configurator software versions prior to 10.9, specifically affecting the PMI m107 diag HMI device. This issue stems from inadequate credential handling practices where sensitive authentication data is stored and transmitted in plain text format, creating a significant exposure risk for industrial control systems. The vulnerability is particularly concerning because it requires only local system access and physical presence to exploit, making it accessible to attackers who have already gained administrative privileges or physical access to the industrial environment.

The technical flaw manifests in the improper storage and handling of authentication credentials within the PNOZmulti Configurator software, which operates within industrial automation and safety systems. When the software processes configuration data for the PMI m107 diag HMI device, it fails to encrypt or obfuscate sensitive credential information, leaving it vulnerable to clear-text exposure. This weakness directly violates security best practices and aligns with CWE-312, which specifically addresses the exposure of sensitive information through cleartext storage or transmission. The vulnerability is further exacerbated by the fact that the affected system operates in industrial control environments where physical security may be compromised, and where attackers with local access can leverage this flaw to escalate their privileges and gain unauthorized control over critical safety systems.

The operational impact of this vulnerability extends beyond simple credential theft, as it enables attackers with local access to not only view sensitive data but also to modify configuration data on the HMI device itself. This modification capability represents a significant risk to industrial safety systems, as it could potentially allow an attacker to alter safety parameters, disable protective mechanisms, or manipulate operational data that could lead to dangerous system states. The attack surface is particularly concerning given that the PMI m107 diag HMI device is part of industrial safety systems where unauthorized modifications could compromise the integrity of safety-critical operations. This vulnerability directly maps to ATT&CK technique T1555.003, which covers credentials from password-protected files, and represents a serious threat to industrial control system security where the consequences of unauthorized access could extend beyond data compromise to physical safety risks.

The exploitation of this vulnerability requires only local access to the system containing the PNOZmulti Configurator software, making it particularly dangerous in environments where physical security is inadequate or where insiders with legitimate access might abuse their privileges. Attackers with access to the system can extract clear-text credentials and subsequently use them to modify HMI configuration data on the PMI m107 diag device, potentially compromising the safety and operational integrity of the entire industrial process. Organizations should implement immediate mitigations including upgrading to PNOZmulti Configurator version 10.9 or later, which addresses this credential exposure issue through proper encryption and secure handling of authentication data. Additionally, implementing network segmentation, access controls, and regular security audits can help reduce the risk of unauthorized access to industrial control systems and prevent exploitation of this vulnerability in environments where physical security may be compromised.

Reservation: 11/06/2018
Disclosure: 01/25/2019
Moderation: accepted
CPE: ready
EPSS: 0.00033
KEV: no
Activities: very low
