Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways


A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS) issues. The impacted products were found to leverage outdated versions of third-party components that were known to have vulnerabilities, including PHP, OpenSSL, BusyBox, Linux kernel, and lighttpd.

In an advisory published on January 4, Pepperl+Fuchs said the vulnerabilities can allow remote attackers to gain access to the targeted device, execute “any program,” and obtain information.
