Executive Summary

CVE-2026-3323 is a vulnerability in VEGA Grieshaber KG's VEGAPULS 6X devices running firmware versions 1.0.0 and 1.1.0. It involves an unsecured configuration interface that lacks authentication controls, allowing unauthenticated remote attackers to access sensitive information.

This interface exposes sensitive data such as hashed credentials and access codes to unauthorized users, including those with no or low privileges. This can enable attackers to impersonate authorized users and potentially modify device configurations without authentication.

The vulnerability is categorized under CWE-306 (Missing Authentication for Critical Function) and has a high severity rating with a CVSS v3.1 base score of 7.5.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a significant impact by allowing unauthenticated remote attackers to access sensitive information such as hashed credentials and access codes.

Attackers can use this information to impersonate authorized users and potentially perform authenticated modifications to the device configurations without permission.

Although the vulnerability does not affect integrity or availability, the high confidentiality impact means sensitive data exposure could lead to further security breaches.

Useful 0 Not Useful 0

Detection Guidance

The vulnerability involves an unsecured configuration interface on VEGAPULS 6X devices running firmware versions 1.0.0 and 1.1.0 that allows unauthenticated remote access to sensitive information.

Detection can focus on identifying devices running the vulnerable firmware versions and checking for the presence of the exposed configuration interface, particularly the network service "FDI over PROFINET".

While specific commands are not provided in the resources, network scanning tools can be used to detect devices exposing the "FDI over PROFINET" service on the network.

• Use network scanning tools (e.g., nmap) to scan for open PROFINET-related ports or services on devices.
• Identify devices running firmware versions 1.0.0 or 1.1.0 by querying device information if accessible.
• Check for unauthorized access to the configuration interface by attempting to access it without authentication in a controlled environment.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include disabling the network service "FDI over PROFINET" if it is not required, to reduce exposure of the unsecured configuration interface.

Implement strict access controls on physical interfaces to prevent unauthorized physical access to the devices.

Update the affected devices to the fixed firmware version 1.1.1, which addresses the vulnerability.

After applying the firmware update, restart the vulnerable component to ensure the fix is active.

Rotate any credentials used on the affected devices, as they may have been compromised.

For emergency credential rotation or further assistance, contact VEGA Support.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes, which can lead to unauthorized access and impersonation of authorized users.

Such unauthorized access to sensitive data can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive information and proper access controls.

Failure to secure configuration interfaces and protect credentials may lead to breaches of confidentiality obligations mandated by these regulations.

Useful 0 Not Useful 0