| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 2403160 | ILC 2050 BI | < 1.2.3 |
| 2404671 | ILC 2050 BI-L | < 1.2.3 |
Phoenix Contact Emalytics Controller ILC 2050 BI are developed and designed for the use in protected building automation networks.
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.
If the above-mentioned controllers are used in an unprotected, open network, an unauthorized attacker can change the device configuration and start or stop services.
Phoenix Contact strongly recommends affected users to update to Engineering software Emalytics 1.2.3 or higher and recommission the controllers.
Please note: If this is not possible, please contact us via email at
development.sysmik@phoenixcontact.com
so that we can provide you with a fixed version.
The updated version is available on the vendors' product page
Filename: Emalytics_Setup_1.2.3.zip
SHA-256: cf24d29f408cc80c3e9bf09234a9469bb2b2d01d832e9136ed75cae6b48df293
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
PHOENIX CONTACT reported this to CERT@VDE