Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways
A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS) issues. The impacted products were found to leverage outdated versions of third-party components that were known to have vulnerabilities, including PHP, OpenSSL,…