
ID

VDE-2022-025

Published

2022-06-21 07:15 (CEST)

Last update

2022-06-21 07:15 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.  Product Name         Affected Version(s)
             AXC 1050             all versions
2701295      AXC 1050 XC          all versions
2700989      AXC 3050             all versions
2730844      FC 350 PCI ETH       all versions
             ILC1x0               all versions
             ILC1x1               all versions
2700977      ILC 1x1 GSM/GPRS     all versions
             ILC 3xx              all versions
2700291      PC WORX RT BASIC     all versions
2701680      PC WORX SRT          all versions
2730190      RFC 430 ETH-IB       all versions
2730200      RFC 450 ETH-IB       all versions
2700784      RFC 460R PN 3TX      all versions
1096407      RFC 460R PN 3TX-S    all versions
2916600      RFC 470 PN 3TX       all versions
2916794      RFC 470S PN 3TX      all versions
2404577      RFC 480S PN 4TX      all versions

Summary

The affected devices insufficiently verify uploaded data.


Last Update:

17. November 2022 11:18

Weakness

Insufficient Verification of Data Authenticity (CWE-345)

Summary

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Impact

An attacker capable of either transmitting manipulated logic or manipulating legitimate logic can execute arbitrary malicious code on the device.

Solution

Mitigation

Phoenix Contact classic line controllers are designed and developed for use in closed industrial networks. By design, the controllers do not feature logic integrity and authenticity checks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.

Customers using Phoenix Contact classic line controllers are advised to operate the devices as intended, in closed networks or protected by a suitable firewall.

Generic information and recommendations for security measures to protect network-capable devices can be found in the application note.

Reported by

This vulnerability was reported by Forescout.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.