| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| Emalytics Automation Workbench N4 | <= 1.3.0 | |
| 2403160 | ILC 2050 BI | <= 1.3.0 |
| 2404671 | ILC 2050 BI-L | <= 1.3.0 |
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart to correct.
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
Successful exploitation of this vulnerability could result in a denial-of-service condition.
Mitigation
Phoenix Contact recommends customers with affected products take the following steps to protect themselves:
• Review and validate the list of users who are authorized and who can authenticate to Emalytics.
• Allow only trained and trusted persons to have physical access to the system, including devices that have connection to the system though the Ethernet port.
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Remedation
This vulnerability will be fixed in the regular firmware release (v.1.4.0) which is expected to be available October 2020.
Honeywell reported this vulnerability to CISA.