CISA Warns of KUNBUS Auth Bypass Vulnerabilities That Expose Systems to Remote Attacks

CISA has issued an urgent advisory highlighting critical vulnerabilities in KUNBUS GmbH’s Revolution Pi industrial automation devices.
These flaws, which include authentication bypass and remote code execution risks, threaten sectors like manufacturing, energy, and healthcare. Attackers can disrupt operations, manipulate safety systems, or cause widespread downtime.
High-Severity Vulnerabilities in Revolution Pi
The advisory identifies three primary vulnerabilities affecting Revolution Pi OS Bookworm (01/2025) and PiCtory software (versions 2.5.0–2.11.1):
1. Missing Authentication for Critical Function (CVE-2025-24522)
The Node-RED server in Revolution Pi OS lacks default authentication, allowing unauthenticated attackers to execute arbitrary commands on the operating system. With a CVSS v3.1 score of 10.0, this flaw poses the highest risk, enabling full remote control of industrial systems.
2. Authentication Bypass via Path Traversal (CVE-2025-32011)
PiCtory’s authentication mechanism can be bypassed through path traversal, granting unauthorized access to critical functions (CVSS v3.1: 9.8). Attackers could reconfigure industrial processes or extract sensitive data.
3. Server-Side Includes (SSI) Injection (CVE-2025-24524)
PiCtory’s failure to sanitize filenames allows authenticated attackers to inject malicious scripts, leading to cross-site scripting (XSS) attacks (CVSS v3.1: 9.8). This could compromise user sessions or deliver payloads to control systems.
Affected Systems and Global Impact
Revolution Pi devices are deployed worldwide in critical infrastructure sectors, including:
- Energy: Grid monitoring and control systems
- Manufacturing: Production line automation
- Transportation: Traffic management networks
- Water Treatment: Sensor networks and SCADA gateways
KUNBUS, headquartered in Germany, has acknowledged the risks and released patches, but legacy deployments in highly regulated environments remain vulnerable due to slow update cycles.
CISA and KUNBUS recommend immediate action to mitigate risks:
- Update Software: Upgrade PiCtory to version 2.12 via the KUNBUS Cockpit UI or direct download.
- Enable Authentication: Configure Node-RED and PiCtory with strong authentication protocols.
- Network Isolation: Segment industrial control systems (ICS) from business networks using firewalls.
- Avoid Internet Exposure: Ensure ICS devices are not directly accessible online.
KUNBUS plans to release a Cockpit plugin by April 2025 to simplify secure configurations.
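The "Enable Authentication" and "Avoid Internet Exposure" items above can be checked against a Node-RED configuration. The following is an added example, not code from CISA, KUNBUS, or the original article: it audits a settings object using the upstream Node-RED setting names `adminAuth`, `httpNodeAuth`, and `uiHost`. It assumes the Node-RED instance on the device reads those standard keys, and the sample inputs are constructed.

```javascript
// Bcrypt hash shape: $2a/$2b/$2y, two-digit cost, 53 chars of salt + digest.
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;

// Returns a list of findings for a Node-RED settings object (settings.js exports).
function auditNodeRedSettings(settings) {
  const findings = [];
  const auth = settings.adminAuth;
  if (!auth) {
    // No adminAuth: the editor and admin API accept anonymous requests.
    findings.push("adminAuth missing: editor and admin API are unauthenticated");
  } else if (auth.type === "credentials" && typeof auth.users !== "function") {
    const users = Array.isArray(auth.users) ? auth.users : [];
    if (users.length === 0) findings.push("adminAuth defines no users");
    for (const u of users) {
      if (!BCRYPT_RE.test(String(u.password || ""))) {
        findings.push(`user "${u.username}": password is not a bcrypt hash`);
      }
    }
    // adminAuth.default sets what an anonymous visitor may do.
    const anon = [].concat((auth.default && auth.default.permissions) || []);
    if (anon.some((p) => p === "*" || /\.write$/.test(p))) {
      findings.push("adminAuth.default grants anonymous write access");
    }
  }
  if (!settings.httpNodeAuth) {
    findings.push("httpNodeAuth missing: HTTP In endpoints are unauthenticated");
  }
  // Node-RED listens on all IPv4 interfaces unless uiHost narrows it.
  if (!settings.uiHost || settings.uiHost === "0.0.0.0" || settings.uiHost === "::") {
    findings.push("uiHost not restricted: listener is reachable on all interfaces");
  }
  return findings;
}

// Constructed sample inputs (not taken from a Revolution Pi image).
const UNAUTHENTICATED = { uiPort: 1880 };
const FAKE_HASH = "$2b$08$" + "A".repeat(53); // placeholder with bcrypt shape only
const HARDENED = {
  uiPort: 1880,
  uiHost: "127.0.0.1",
  adminAuth: {
    type: "credentials",
    users: [{ username: "admin", password: FAKE_HASH, permissions: "*" }],
  },
  httpNodeAuth: { user: "api", pass: FAKE_HASH },
};

console.log(auditNodeRedSettings(UNAUTHENTICATED));
console.log(auditNodeRedSettings(HARDENED));
```

Binding `uiHost` to loopback is only one way to limit exposure; a device that must be reached over the plant network would instead rely on the segmentation and firewall measures listed above.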
Adam Bromiley of Pen Test Partners discovered the vulnerabilities, which were collaboratively disclosed to CISA and KUNBUS.
While no active exploitation has been reported, CISA emphasizes the urgency of patching, noting adversaries’ historical targeting of industrial systems for sabotage or extortion.
These vulnerabilities underscore the fragility of industrial IoT ecosystems and the cascading consequences of unsecured devices. With Revolution Pi’s widespread use in critical infrastructure, organizations must prioritize updates, network hardening, and ongoing risk assessments to avert potential disasters.
The post CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks appeared first on Cyber Security News.