
ID

VDE-2019-007

Published

2019-03-25 12:45 (CET)

Last update

2019-03-25 12:45 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
2885728 RAD-80211-XD all versions
2900047 RAD-80211-XD/HP-BUS all versions

Summary

A WebHMI utility may be exploited by any logged-in user, allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.


Last Update:

18 February 2020 08:25

Weakness

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Summary

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.

Impact

If the vulnerability is exploited, the attacker may execute system-level commands at will with administrative privileges.

Solution

Temporary Fix / Mitigation
Customers using Phoenix Contact 802-11XD radio modules are recommended to operate the devices in closed networks or behind a suitable firewall.

For detailed information on our recommendations for measures to protect network-capable devices, please refer to the application note:
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf

Remediation
The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that affected customers upgrade to the active FL WLAN product line.

Reported by

This vulnerability was discovered by Maxim Rupp (rupp.it).