What security vulnerabilities have been reported in KUNBUS GmbH Revolution Pi products?

CISA has reported multiple security vulnerabilities in KUNBUS GmbH Revolution Pi industrial control system products. These include CVE-2025-24522 (Missing Authentication for Critical Function, CVSS 9.3), CVE-2025-32011 (Authentication Bypass, CVSS 9.3), CVE-2025-35996 (Improper Neutralization of Server-Side Includes, CVSS 8.5), and CVE-2025-36558 (Improper Neutralization of Server-Side Includes, CVSS 5.1).

What is the CVE-2025-24522 vulnerability?

CVE-2025-24522 (CVSS score 9.3) is a Missing Authentication for Critical Function vulnerability. This exists because authentication is not configured by default for the Node-RED server, potentially allowing unauthenticated remote attackers to gain full access to the Node-RED server and execute arbitrary commands on the underlying operating system.

What is the CVE-2025-32011 vulnerability?

CVE-2025-32011 (CVSS score 9.3) is an Authentication Bypass vulnerability. KUNBUS PiCtory versions 2.5.0 through 2.11.1 contain this vulnerability where remote attackers can bypass authentication to gain access due to a path traversal issue.

What are the cross-site scripting vulnerabilities in KUNBUS products?

There are two cross-site scripting vulnerabilities: CVE-2025-35996 (CVSS score 8.5) allows an authenticated remote attacker to craft a special filename that can be executed as an HTML script tag due to missing sanitization. CVE-2025-36558 (CVSS score 5.1) enables attacks via the sso_token used for authentication, where a malicious PiCtory URL containing an HTML script as an sso_token will execute that script.

Which KUNBUS Revolution Pi versions are affected by these vulnerabilities?

The affected versions include: Revolution Pi OS Bookworm versions 01/2025 and earlier, Revolution Pi PiCtory versions 2.5.0 through 2.11.1, and Revolution Pi PiCtory version 2.11.1 and earlier.

What remediation steps does KUNBUS recommend for these vulnerabilities?

Users should update the PiCtory package to version 2.12, preferably through KUNBUS's management UI Cockpit. The update package can also be downloaded directly from the vendor. Additionally, it is strongly recommended that users activate authentication for their Revolution Pi systems by following the vendor's guide.

What potential impacts could result from exploiting these vulnerabilities?

Successful exploitation of these vulnerabilities could allow attackers to bypass authentication, gain unauthorized access to critical functions, execute malicious code, and potentially gain full access to the system and execute arbitrary commands on the underlying operating system.

Advisory

CISA reports multiple flaws in KUNBUS GmbH Revolution Pi, two critical

Q: Are there any upcoming security improvements planned for KUNBUS Revolution Pi products?

Yes, by the end of April 2025, KUNBUS plans to release a new Cockpit plugin with a graphical interface for making security configurations, which should help users implement security measures more easily.

published: May 3, 2025

Take action: If you are using KUNBUS GmbH Revolution Pi systems, make sure they are isolated from the internet and accessible only from trusted networks. Then plan an update to latest version and enforce authentication on the Revolution Pi systems.

Learn More

CISA reports multiple security vulnerabilities in KUNBUS GmbH Revolution Pi industrial control system products. Successful exploitation of these vulnerabilities could allow attackers to bypass authentication, gain unauthorized access to critical functions, and execute malicious code.

Vulnerabilities summary

CVE-2025-24522 (CVSS score 9.3) - Missing Authentication for Critical Function. This vulnerability exists because authentication is not configured by default for the Node-RED server, potentially allowing unauthenticated remote attackers to gain full access to the Node-RED server and execute arbitrary commands on the underlying operating system.
CVE-2025-32011 (CVSS score 9.3) - Authentication Bypass. KUNBUS PiCtory versions 2.5.0 through 2.11.1 contain an authentication bypass vulnerability where remote attackers can bypass authentication to gain access due to a path traversal issue.
CVE-2025-35996 (CVSS score 8.5) - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page. KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. Due to missing escape or sanitization, the filename could be executed as an HTML script tag, resulting in a cross-site scripting attack.
CVE-2025-36558, (CVSS score 5.1) - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page. KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site scripting attack via the sso_token used for authentication. If an attacker provides a user with a PiCtory URL containing an HTML script as an sso_token, that script will be executed.

The following KUNBUS Revolution Pi versions are affected:

Revolution Pi OS Bookworm: Versions 01/2025 and earlier
Revolution Pi PiCtory: Versions 2.5.0 through 2.11.1
Revolution Pi PiCtory: Versions 2.11.1 and earlier

Users should update the PiCtory package to version 2.12, preferably through KUNBUS's management UI Cockpit. The update package can also be downloaded directly from the vendor. By the end of April 2025, KUNBUS plans to release a new Cockpit plugin with a graphical interface for making security configurations.

In the meantime, it is strongly recommended that users activate authentication for their Revolution Pi systems by following the vendor's guide.

CISA reports multiple flaws in KUNBUS GmbH Revolution Pi, two critical

Read More
Schneider Electric reports critical flaw in Modicon Programmable …
Multiple vulnerabilities reported in Hitachi Energy Asset Suite, …
Emerson fixes critical issues in Rosemount Gas Chromatograph
WHILL electric wheelchairs vulnerable to remote bluetooth hijacking
CISA reports flaws in mySCADA myPRO Manager and …