
ID

VDE-2023-058

Published

2023-12-12 08:00 (CET)

Last update

2023-12-11 16:26 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.   Product Name        Affected Version(s)
1151412       AXC F 1152          <= 2024.0
2404267       AXC F 2152          <= 2024.0
1069208       AXC F 3152          <= 2024.0
1246285       BPC 9102S           <= 2024.0
1185416       EPC 1502            <= 2024.0
1185423       EPC 1522            <= 2024.0
1046008       PLCnext Engineer    <= 2024.0
1136419       RFC 4072R           <= 2024.0
1051328       RFC 4072S           <= 2024.0

Summary

PLCnext Control provides authentication and an integrity check for the application.
An authenticated, skilled attacker might be able to manipulate the application (e.g. logic files, executable logic, configurations) in a specially crafted way such that the integrity check does not recognize the tampering. Manipulations that pass the integrity check are then difficult to detect and remove.

PLCnext Engineer warns users if the PLC logic differs from the currently loaded project when Online mode is activated. In addition, while an application is being loaded onto the PLC, a Project Integrity Warning log entry is generated.
A skilled attacker might be able to manipulate the application in a specially crafted way such that this integrity check does not recognize the tampering attempt either.


Last Update: 30 August 2024, 09:27

Weakness

Download of Code Without Integrity Check (CWE-494)

Summary

A download-of-code-without-integrity-check vulnerability in PLCnext products allows a remote attacker with low privileges to compromise the integrity of the affected engineering station and of the connected devices.


Impact

The identified vulnerabilities allow manipulated applications to be downloaded to and executed on PLCnext Control. Tampered applications might not be discovered.

Solution

Mitigation

PLCnext Control is developed and designed for use in protected industrial networks. In this approach, the production plant is protected against attacks, especially from the outside, by a multi-level perimeter, including firewalls, and by dividing the plant into OT zones separated by firewalls.

This concept is supported by organizational measures in the production facility as part of a security management system. Security requires measures at all levels. It must be ensured that the application is always transferred and stored in protected environments only.

This applies to both data in transit and data at rest. Connections between the engineering tools (PLCnext Engineer) and PLCnext Control must always be made in a locally protected environment or, in the case of remote access, protected by VPN.

Project data should not be sent as a file via email or other transmission mechanisms without additional integrity and authenticity checks. Project data should only be stored in protected environments.
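The following is an added example, not Phoenix Contact code and not the integrity check built into PLCnext Control or PLCnext Engineer. It shows the kind of additional integrity and authenticity check the advisory asks for when project data has to leave a protected environment: before the project is handed over, a manifest of per-file SHA-256 digests is written and authenticated with an HMAC under a key shared out of band between the two sides; before the project is loaded, the manifest tag and every file are verified. The project layout, file names, file contents and the shared key are all constructed for the demonstration. The point of the keyed tag is the one the summary makes: an attacker who edits a logic file can recompute a plain hash stored next to it, but cannot forge the tag without the key, so a manifest "fixed up" after tampering is still rejected.

```python
"""Keyed integrity manifest for a project directory (added example).

Constructed demonstration: the project files, their contents and the
shared key are assumptions, not PLCnext artefacts.
"""
import hashlib
import hmac
import json
import os
import tempfile

MANIFEST_NAME = "project.manifest.json"


def _file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _collect(project_dir):
    """Map every file (except the manifest) to its SHA-256, keyed by POSIX relpath."""
    entries = {}
    for root, _dirs, files in os.walk(project_dir):
        for name in files:
            if name == MANIFEST_NAME:
                continue
            full = os.path.join(root, name)
            rel = os.path.relpath(full, project_dir).replace(os.sep, "/")
            entries[rel] = _file_digest(full)
    return entries


def _canonical(files):
    # Canonical encoding so sender and receiver tag byte-identical input.
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def seal_project(project_dir, key):
    """Write the manifest: per-file digests plus an HMAC-SHA256 tag over them."""
    files = _collect(project_dir)
    tag = hmac.new(key, _canonical(files), hashlib.sha256).hexdigest()
    manifest = {"files": files, "tag": tag}
    with open(os.path.join(project_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, sort_keys=True, indent=1)
    return manifest


def verify_project(project_dir, key):
    """Return (ok, reasons): False on an altered manifest, or on any
    modified, added or removed file."""
    mpath = os.path.join(project_dir, MANIFEST_NAME)
    if not os.path.exists(mpath):
        return False, ["manifest missing"]
    with open(mpath) as f:
        manifest = json.load(f)
    recorded = manifest.get("files", {})
    expected = hmac.new(key, _canonical(recorded), hashlib.sha256).hexdigest()
    # Authenticity first: constant-time compare so a plain '==' cannot leak timing.
    if not hmac.compare_digest(expected, str(manifest.get("tag", ""))):
        return False, ["manifest tag invalid (manifest edited or wrong key)"]
    actual = _collect(project_dir)
    reasons = []
    for rel in sorted(set(recorded) | set(actual)):
        if rel not in actual:
            reasons.append(f"removed: {rel}")
        elif rel not in recorded:
            reasons.append(f"added: {rel}")
        elif recorded[rel] != actual[rel]:
            reasons.append(f"modified: {rel}")
    return not reasons, reasons


def demo():
    """Seal a constructed project, then tamper with it two ways; return the verdicts."""
    key = b"shared-secret-exchanged-out-of-band"  # assumption for the demo
    results = {}
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "Logic"))
        main_pou = os.path.join(d, "Logic", "Main.pou")
        with open(main_pou, "w") as f:
            f.write("PROGRAM Main\n  Pump := Level > 50;\nEND_PROGRAM\n")
        with open(os.path.join(d, "Config.xml"), "w") as f:
            f.write("<Config cycleMs='10'/>\n")
        seal_project(d, key)
        results["untouched"] = verify_project(d, key)

        # Tamper 1: change the logic and drop in an extra POU; manifest untouched.
        with open(main_pou, "w") as f:
            f.write("PROGRAM Main\n  Pump := Level > 90;\nEND_PROGRAM\n")
        with open(os.path.join(d, "Logic", "Hidden.pou"), "w") as f:
            f.write("PROGRAM Hidden\nEND_PROGRAM\n")
        results["tampered_files"] = verify_project(d, key)

        # Tamper 2: attacker also 'repairs' the plain hashes in the manifest,
        # but cannot recompute the keyed tag.
        with open(os.path.join(d, MANIFEST_NAME)) as f:
            m = json.load(f)
        m["files"] = _collect(d)
        with open(os.path.join(d, MANIFEST_NAME), "w") as f:
            json.dump(m, f)
        results["hashes_repaired_no_key"] = verify_project(d, key)
    return results


if __name__ == "__main__":
    for case, (ok, reasons) in demo().items():
        print(f"{case}: {'OK' if ok else 'REJECT'} {reasons}")
```

Sending the manifest inside the same email as the project files adds nothing unless the tag is keyed; with an unkeyed digest list the recipient only learns that the files match whatever the last party to touch the archive wanted them to match. A signature with an asymmetric key works the same way and avoids sharing the secret with every recipient; HMAC is used here only because it is available in the Python standard library.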

For general information and recommendations on security measures to protect network-enabled devices, refer to the application note:
Application note Security

PLCnext Control provides a feature set that supports users in setting up a separated, protected environment, for example by using separate Ethernet ports, firewalls, user and certificate management, and integrity checks. These features can reduce the attack surface for this vulnerability.

For more information, refer to the PLCnext Info Center.

PLCnext Control provides project data integrity checks; information about the default configuration is provided in the topic Checking project data integrity.

Remediation

The PLCnext Control security feature set and hardening are continuously improved.
Please check the PLCnext Control product download pages for updated versions, and the PSIRT webpage
https://phoenixcontact.com/psirt regularly for updated information and firmware.

We recommend that our customers always use the latest LTS versions, as known security vulnerabilities are regularly fixed. The latest version at the time of publication of this advisory is 2023.0.7 LTS Hotfix.

Reported by

This vulnerability was reported by Reid Wightman at Dragos, Inc.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.