PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices

Multiple vulnerabilities have been discovered in the firmware and in libraries utilized of RAD-ISM-900-EN-BD devices:

In addition to the above listed CVEs the following issues were identified:

Vulnerabilities related to outdated libraries:

BusyBox version 0.60.1: A CVE scan revealed 13 potential vulnerabilities. Some of these vulnerabilities impact services used by this device such as NTP and DHCP.
OpenSSL version 0.9.7-beta3: This version of OpenSSL uses deprecated ciphers and a CVE scan revealed over 87 potential vulnerabilities.
Over-privileged web application:
The web application is operated with root privileges. Therefore, if an attacker were able to achieve RCE via the web application they would be executing with the highest level of privileges.

The abovementioned vulnerabilities allow an attacker to execute arbitrary shell commands and/or upload arbitrary files to the device with root privileges.

Some software libraries compiled into the device firmware are outdated and contain known vulnerabilities. Some of those vulnerabilities may be exploitable in the device context whilst others may not have any effect as the specific vulnerable function is not used. These vulnerabilities have not been investigated in detail.

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: dam-mdc.phoenixcontact.com/asset/1564...

The family of RAD-ISM-900-EN-BD devices is end of life and will not receive updates anymore. If operation within a secured environment cannot be ensured in the specific customer application, please contact your local PHOENIX CONTACT support to discuss alternative solutions.