Article No. | Product Name | Affected Version(s) |
---|---|---|
2404777 | BL2 BPC * | <= current version |
2404845 | BL2 BPC * | <= current version |
2404844 | BL2 PPC * | <= current version |
2404846 | BL2 PPC * | <= current version |
2313559 | FL COMSERVER WLAN 232/422/485 | all versions |
2702538 | FL WLAN 110x | < 2.21 |
2702534 | FL WLAN 110x | < 2.21 |
2702535 | FL WLAN 210x | < 2.21 |
2702540 | FL WLAN 210x | < 2.21 |
2884444 | FL WLAN 230 AP 802-11* | <= current version |
2700452 | FL WLAN 230 AP 802-11* | <= current version |
2884279 | FL WLAN 24 DAP 802-11* | <= current version |
2700451 | FL WLAN 24 DAP 802-11* | <= current version |
2884130 | FL WLAN 24 EC 802-11* | <= current version |
2700449 | FL WLAN 24 EC 802-11* | <= current version |
2700718 | FL WLAN 510x | < 3.06 |
2701093 | FL WLAN 510x | < 3.06 |
2701850 | FL WLAN 510x | < 3.06 |
2692791 | FL WLAN EPA* | <= current version |
2700488 | FL WLAN EPA* | <= current version |
2701169 | FL WLAN EPA* | <= current version |
2884761 | FL WLAN SPA | <= current version |
2402957-2402964 | ITC 8113* | <= current version |
2403738 | ITC 8113* | <= current version |
2403485 | ITC 8113* | <= current version |
2402911 | ITC 8113* | <= current version |
2403267 | ITC 8113* | <= current version |
2402979 | ITC 8113* | <= current version |
2885728 | RAD-80211-XD* | <= current version |
2900046 | RAD-80211-XD* | <= current version |
2900047 | RAD-80211-XD* | <= current version |
2990011 | RAD-80211-XD* | <= current version |
2900178 | RAD-WHG/WLAN-XD | <= current version |
2913784 | TPC 6013* | <= current version |
2700740 | TPC 6013* | <= current version |
2700611 | TPC 6013* | <= current version |
2701316 | TPC 6013* | <= current version |
2913852 | VMT 30xx | <= current version |
2701003 | VMT 30xx | <= current version |
2700969 | VMT 30xx | <= current version |
2913959 | VMT 30xx | <= current version |
2700878 | VMT 30xx | <= current version |
2887580 | VMT 50xx | <= current version |
2887593 | VMT 50xx | <= current version |
2913810 | VMT 50xx | <= current version |
2400158-2400161 | VMT 70xx | <= current version |
Multiple security issues and vulnerabilities within the WPA2 standard have been identified and publicized by Mr. Mathy Vanhoef of KU Leuven. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point (AP). In consequence, an attacker could establish a man-in-the-middle position between AP and client facilitating packet decryption and injection.
Update A - 2017-11-09
* Added a detailed list of affected products
Update B - 2018-09-24
* Added firmware update information, see section "Solution"
PHOENIX CONTACT embedded devices running in AP mode are not affected by these vulnerabilities. If devices are used in client or repeater mode, an attacker could in theory decrypt any packet sent by the client. Devices of the FL WLAN 110x, 210x, and 510x product families are only affected to a very limited extent. With these devices, only data packets sent within three seconds after key renewal could possibly be decrypted by a successful attacker.

In general, if TCP SYN packets are decrypted, this can be used to hijack TCP connections and inject malicious traffic into unencrypted protocols. However, to perform the attack, the attacker must be significantly closer to the WLAN client than the access point. In industrial or indoor applications, the attacker would have to be inside the plant. A successful external attack therefore seems to be very difficult.

Furthermore, the WPA2 password cannot be compromised using a KRACK attack. It is not possible for the attacker to gain full access to the network. However, note that if WPA-TKIP is used instead of AES-CCMP, the impact of this vulnerability is much more severe, because an attacker can then not only decrypt packets, but also forge and inject packets directly into the WLAN.
PHOENIX CONTACT is actively working on these vulnerabilities. CERT@VDE will update this advisory as soon as further significant details are provided by the vendor, especially with information about patches provided.
For PHOENIX CONTACT devices running Microsoft Windows, we recommend applying the security update provided by Microsoft. If you are using WPA-TKIP in your WLAN, you should switch to AES-CCMP immediately.
This advisory will be updated as further details become available.
For the following products a firmware update addressing the issues is available for download on the Download tab of the corresponding product page on our website:
Articles | Firmware version | Released |
---|---|---|
FL EPA 2, FL EPA 2 RSMA | FW 1.53 or higher | 06/2018 |
FL WLAN 5100, FL WLAN 5101, FL WLAN 5102, FL WLAN 5110, FL WLAN 5111 | FW 3.06 or higher | 06/2018 |
FL WLAN 1100, FL WLAN 1101, FL WLAN 2100, FL WLAN 2101 | FW 2.21 or higher | 06/2018 |
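
The following inventory triage is an added example, not code from PHOENIX CONTACT or CERT@VDE. It applies the advisory's rules (AP mode not affected, fixed firmware versions from the table above, TKIP to be replaced by AES-CCMP) to device records; the record fields (`host`, `model`, `firmware`, `mode`, `cipher`), the sample hosts, and the MAJOR.MINOR version format are assumptions.

```python
import re

# Minimum fixed firmware per article, copied from the advisory's firmware table.
FIXED_FIRMWARE = {}
for models, version in (
    (("FL EPA 2", "FL EPA 2 RSMA"), (1, 53)),
    (("FL WLAN 5100", "FL WLAN 5101", "FL WLAN 5102",
      "FL WLAN 5110", "FL WLAN 5111"), (3, 6)),
    (("FL WLAN 1100", "FL WLAN 1101", "FL WLAN 2100", "FL WLAN 2101"), (2, 21)),
):
    FIXED_FIRMWARE.update(dict.fromkeys(models, version))


def parse_version(text):
    """Parse 'MAJOR.MINOR' (e.g. '3.06' or 'FW 3.06') into a tuple of ints."""
    match = re.fullmatch(r"\s*(?:FW\s*)?(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def triage(device):
    """Return the actions the advisory implies for one inventory record."""
    actions = []
    # AP mode is not affected; any other mode (client, repeater) is treated as affected.
    if device["mode"].lower() != "ap":
        fixed = FIXED_FIRMWARE.get(device["model"])
        if fixed is None:
            actions.append("no fixed firmware listed in advisory table")
        elif parse_version(device["firmware"]) < fixed:
            actions.append("update firmware to %d.%02d or higher" % fixed)
    # With TKIP an attacker can forge and inject packets, not only decrypt them.
    if device["cipher"].upper() == "TKIP":
        actions.append("switch WLAN to AES-CCMP")
    return actions


# Constructed inventory records (hypothetical hosts, not from the advisory).
INVENTORY = [
    {"host": "line1-bridge", "model": "FL WLAN 2101", "firmware": "2.20",
     "mode": "client", "cipher": "CCMP"},
    {"host": "agv-repeater", "model": "FL WLAN 5100", "firmware": "3.06",
     "mode": "repeater", "cipher": "TKIP"},
    {"host": "hall-ap", "model": "FL WLAN 1100", "firmware": "2.10",
     "mode": "ap", "cipher": "CCMP"},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["host"], triage(dev) or ["no action"])
```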
Mathy Vanhoef of imec-DistriNet, KU Leuven published this vulnerability on https://www.krackattacks.com.
PHOENIX CONTACT reported this vulnerability to CERT@VDE.