Summary
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart to correct.
Impact
Successful exploitation of this vulnerability could result in a denial-of-service condition.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| Hardware ILC 2050 BI | Firmware <=1.3.0 | |
| Hardware ILC 2050 BI-L | Firmware <=1.3.0 | |
| Software Emalytics Automation Workbench N4 | Firmware <=1.3.0 |
Vulnerabilities
Expand / Collapse allMitigation
Phoenix Contact recommends customers with affected products take the following steps to protect themselves:
• Review and validate the list of users who are authorized and who can authenticate to Emalytics.
• Allow only trained and trusted persons to have physical access to the system, including devices that have connection to the system though the Ethernet port.
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY 'Measures to protect network-capable devices with Ethernet connection against unauthorized access'
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 08/20/2020 09:11 | Initial revision. |
| 2 | 11/06/2024 12:27 | Fix: correct certvde domain, added self-reference |
| 3 | 05/22/2025 15:03 | Fix: version space, added distribution, quotation mark |