PHOENIX CONTACT: ILC 1x1 ETH Denial of Service

VDE-2018-012
Last update: 08/13/2018 13:55
Published at: 08/13/2018 13:55
Vendor(s): Phoenix Contact GmbH & Co. KG
External ID: VDE-2018-012

Summary

Execution of the IEC 61131 program can be slowed down or stopped completely by creating a large amount of network traffic that needs to be handled by the ILC.

Impact

Processing the network load takes up so much CPU power that the operation of all functions of the device, including the 61131 program, slows down. This may affect the automation task. Once the network load is removed, the ILC returns to its normal state.

Affected Product(s)

Model no.    Product name    Affected versions
             ILC 131         Firmware vers:all/*
             ILC 151         Firmware vers:all/*
             ILC 171         Firmware vers:all/*
             ILC 191 ETH     Firmware vers:all/*

Vulnerabilities

Published: 09/22/2025 14:57
Weakness: Allocation of Resources Without Limits or Throttling (CWE-770)
Summary

An unauthenticated remote attacker may exploit uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that need to be handled by the ILC. This results in a Denial-of-Service of the device.

Mitigation

Customers using Phoenix Contact ILC 1x1 are recommended to operate the devices in closed networks or protected with a suitable firewall.

For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
www.phoenixcontact.com/assets/downloa...
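
As a complement to the firewall recommendation, the following added example (not part of the advisory and not Phoenix Contact code) shows how a monitoring host could flag the condition described above: more packets per time window than a controller should have to process, counting subnet broadcasts as well as unicast traffic. The addresses, window length and threshold are assumptions chosen for the constructed sample and have to be replaced with values from a measured baseline.

```python
from collections import Counter, defaultdict, deque
from ipaddress import ip_address, ip_network

# All values below are assumptions for illustration; none come from the advisory.
CONTROLLERS = {ip_address("192.0.2.10")}   # hypothetical ILC address
SUBNET = ip_network("192.0.2.0/24")        # hypothetical control subnet
WINDOW_MS = 1000                           # sliding window length
MAX_PKTS = 5                               # per window; set from a measured baseline

def targets(dst):
    """Return the controllers that have to process a packet sent to dst."""
    dst = ip_address(dst)
    if dst in CONTROLLERS:
        return {dst}
    # Broadcast frames are received by every controller on the subnet.
    if dst in (SUBNET.broadcast_address, ip_address("255.255.255.255")):
        return set(CONTROLLERS)
    return set()

def detect_overload(packets):
    """packets: (time_ms, src, dst) tuples sorted by time.
    Returns one (time_ms, controller, packets_in_window, top_source) per episode."""
    windows, alarmed, alerts = defaultdict(deque), set(), []
    for ts, src, dst in packets:
        for ctrl in targets(dst):
            win = windows[ctrl]
            win.append((ts, src))
            while ts - win[0][0] >= WINDOW_MS:   # drop packets older than the window
                win.popleft()
            if len(win) <= MAX_PKTS:
                alarmed.discard(ctrl)            # load is gone: re-arm the alert
            elif ctrl not in alarmed:
                alarmed.add(ctrl)
                top = Counter(s for _, s in win).most_common(1)[0][0]
                alerts.append((ts, str(ctrl), len(win), top))
    return alerts

# Constructed sample capture, not real traffic.
SAMPLE = (
    [(t, "192.0.2.50", "192.0.2.10") for t in (0, 2000, 4000)]            # normal polling
    + [(5000 + 50 * i, "192.0.2.99", "192.0.2.10") for i in range(10)]    # unicast burst
    + [(9000, "192.0.2.50", "192.0.2.10")]                                # quiet again
    + [(10000 + 50 * i, "192.0.2.77", "192.0.2.255") for i in range(10)]  # broadcast burst
)

if __name__ == "__main__":
    for alert in detect_overload(SAMPLE):
        print(alert)
```

Each alert names the source that contributed the most packets in the window, which is the address to check against the firewall rules in front of the controller.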

Revision History

Version    Date                Summary
1.0.0      08/13/2018 13:55    Initial revision.