Patched | Dass167

| Vulnerability | Impact | CVSS Score |
|---------------|--------|-------------|
| Stack-based buffer overflow (CVE-2021-3786) | Remote code execution via malformed Profibus packets | 9.8 (Critical) |
| Improper input validation (CVE-2022-2394) | Denial of service (DoS) causing PLC watchdog reset | 7.5 (High) |
| Hardcoded credentials in DASS167 debug mode | Unauthorized access to analog input calibration | 8.2 (High) |

Was it a (checking user permissions before execution)?

Leaving DASS167 unpatched is no longer a calculated risk; it is negligence. The exploit code for CVE-2021-3786 is publicly available on GitHub. Shodan searches reveal thousands of exposed Profibus-enabled devices with vulnerable DASS167 modules. Ransomware groups like and Pipedream have incorporated these exploits into their toolkits.