Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers

A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.

A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured substitute value behavior.

The bus coupler requires a manual restart (resetting the power supply, pressing the reset button or executing the SNMP reset command) to reestablish communication within the Industrial Ethernet (e.g. PROFINET IO, Modbus/TCP, EtherNet/IP).

Affected bus couplers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.

If the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80. Most network scanners offer options to individually disable certain tests or to apply exclusions by clustering device types and test categorization functions.

To further improve security, fixed firmware versions are available for the items listed in the "Fixed" section. A fix for products marked as "discontinued" is not planned. All other listed products will receive a bugfix at the next revision.