VYPR
Unrated severity · NVD Advisory · Published Jun 25, 2021 · Updated Sep 17, 2024

WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability

CVE-2021-33535

Description

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A format string vulnerability in Weidmueller Industrial WLAN devices allows authenticated low-privilege users to execute remote code via a crafted time server entry.

Vulnerability

A format string vulnerability exists in the iw_console conio_writestr functionality of Weidmueller Industrial WLAN devices in multiple versions [1]. The vulnerability is triggered through a specially crafted time server entry that causes an overflow of the time server buffer. The affected product line and specific firmware versions are not enumerated in the available references [1].
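The defect class described above, seen from the fix side: an added example, not code from the vendor firmware or the advisory. The function names, the 64-byte limit, and the allowed character set are assumptions made for illustration; the real `conio_writestr` internals are not public.

```c
#include <ctype.h>
#include <stdio.h>

#define TIME_SERVER_MAX 64 /* assumed buffer size; the firmware's real value is not public */

/* Hypothetical validator: accept only hostname / IP-literal characters and a
 * bounded length, so '%' directives and oversized entries never reach the
 * console writer or a fixed-size buffer. Returns 1 if the entry is acceptable. */
int time_server_entry_ok(const char *entry)
{
    size_t len = 0;
    while (len < TIME_SERVER_MAX && entry[len] != '\0')
        len++;
    if (len == 0 || len == TIME_SERVER_MAX)
        return 0; /* empty, or would not fit with its terminator */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)entry[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0; /* rejects '%', whitespace, control characters */
    }
    return 1;
}

/* Hypothetical stand-in for a console write routine. The entry is an argument
 * to a constant "%s" format, never the format string itself, and snprintf
 * bounds the copy. Returns the bytes written, or -1 if rejected or truncated. */
int console_write_time_server(char *out, size_t out_len, const char *entry)
{
    if (!time_server_entry_ok(entry))
        return -1;
    int n = snprintf(out, out_len, "time server: %s\n", entry);
    return (n < 0 || (size_t)n >= out_len) ? -1 : n;
}

int main(void)
{
    char line[TIME_SERVER_MAX + 32];
    /* Constructed sample entries: two well-formed, one carrying format directives. */
    const char *samples[] = { "pool.ntp.org", "192.0.2.10", "ntp%s%s.example" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %d\n", samples[i],
               console_write_time_server(line, sizeof line, samples[i]));
    return 0;
}
```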

Exploitation

An attacker must first authenticate as a low-privilege user to the device [1]. With that access, the attacker can send a specially crafted time server entry that exploits the format string flaw in the conio_writestr function [1]. The exploit does not require any additional user interaction or race condition windows.

Impact

Successful exploitation results in remote code execution on the target device [1]. The attacker gains arbitrary code execution at the privilege level of the affected process, which could lead to full compromise of the device's functionality and of the confidentiality, integrity, and availability of its data. The vendor advisory did not specify the degree of privilege escalation beyond the initial low-privilege user context [1].

Mitigation

The referenced advisory [1] does not provide a fixed version, release date, or workarounds for this vulnerability. Users are directed to contact the vendor for updated information. No known mitigation or patch has been disclosed as of the publication date. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog per the available information.

References
  1. Advisories

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Weidmüller/IE-WL(T)-BL-AP-CL-XXv5
    Range: IE-WL-BL-AP-CL-EU (2536600000)
  • Weidmüller/IE-WL(T)-VL-AP-CL-XXv5
    Range: IE-WL-VL-AP-BR-CL-EU (2536680000)

Patches

0

No patches discovered yet.
