
Critical RCE affects older Diebold Nixdorf ATMs

Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers to install the security updates it has released to address the flaw. The vulnerability affects older Opteva model ATMs; Diebold Nixdorf will start notifying customers next week. The experts explained that they had access to a Diebold ATM and started analyzing the machine, a simple PC running Windows OS and exposing some services implemented by the ATM provider. “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” The ATM tested by the expert is running Agilis XFS for Opteva version 4.1.61.1. According to Diebold Nixdorf, this service only runs on Opteva version 4.x software; subsequent versions are not affected. The ATM maker released Agilis XFS for Opteva – BulkCashRec (BCRM) version 4.1.22, which doesn’t expose the service’s configuration online.
