FL MGUARD, TC MGUARD, TC ROUTER and TC CLOUD CLIENT devices are affected by a buffer overflow vulnerability within the PPP service.
The PPP service is not active by default, but it is commonly used on TC ROUTER and TC CLOUD CLIENT devices.
It is also running in the following FL MGUARD and TC MGUARD configurations:
• Mobile data connection
• Router mode “Modem”
• Router mode “PPPoE”
• L2TP over IPsec
Malicious PPP peers could attempt to exploit the vulnerability remotely.
PACTware passwords are stored in a recoverable format (CVE-2020-9403)
PACTware passwords may be modified without knowing the current password (CVE-2020-9404)
An open port used for debugging grants root access to the device over the network without any access control.
Security researchers at ESET have reported a vulnerability called Kr00k (CVE-2019-15126) which affects encrypted WiFi traffic for devices using Broadcom or Cypress chipsets. The vulnerability may allow an attacker to decrypt some WPA2-Personal/Enterprise traffic by forcing an AP/client to start using an all-zero encryption key (similar to the KRACK vulnerability).
If the software runs as a service, a user with limited access can gain administrator privileges by starting a shell with administrator rights from the Import / Export configuration dialog.
The Phoenix Contact application ‘PC WORX SRT’ is installed as a service. The installation path of the application is configured with insecure permissions, which allows any unprivileged user to write arbitrary files to the installation directory where all the configuration files and binaries of the service are located.
An attacker needs an authorized login on the device in order to exploit the vulnerabilities described here.
The reported vulnerabilities allow a local attacker with valid login credentials who is able to create files on the device to change the device's settings (e.g. default gateway address, time server, etc.) and potentially execute code.