| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| AXC 1050 | all versions | |
| 2701295 | AXC 1050 XC | all versions |
| 2700989 | AXC 3050 | all versions |
| 2730844 | FC 350 PCI ETH | all versions |
| ILC1x0 | all versions | |
| ILC1x1 | all versions | |
| 2700977 | ILC 1x1 GSM/GPRS | all versions |
| ILC 3xx | all versions | |
| 2700291 | PC WORX RT BASIC | all versions |
| 2701680 | PC WORX SRT | all versions |
| 2730190 | RFC 430 ETH-IB | all versions |
| 2730200 | RFC 450 ETH-IB | all versions |
| 2700784 | RFC 460R PN 3TX | all versions |
| 1096407 | RFC 460R PN 3TX-S | all versions |
| 2916600 | RFC 470 PN 3TX | all versions |
| 2916794 | RFC 470S PN 3TX | all versions |
| 2404577 | RFC 480S PN 4TX | all versions |
The affected devices insufficiently verify uploaded data.
An attacker capable of either transmitting manipulated logic or manipulating legitimate logic can execute arbitrary malicious code on the device.
Mitigation
Phoenix Contact classic line controllers are designed and developed for the use in closed industrial networks. The controller doesn’t feature logic integrity and authenticity checks by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended.
Generic information and recommendations for security measures to protect network-capable
devices can be found in the application note.
This vulnerability was reported by Forescout.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.