PHOENIX CONTACT ILC 1x1 ETH Denial of Service

VDE-2018-012 (2018-08-13 14:55 UTC+0200)

CVE Identifier

n/a

Affected Vendors

PHOENIX CONTACT

Affected Products

PHOENIX CONTACT ILC 131, 151, 171, 191 ETH with all firmware versions

Summary

The processing program of the IEC 61131 program can be slowed down or stopped completely by creating a large amount of network traffic that needs to be handled by the ILC.

Impact

The processing of the network load takes up so much CPU power that the operation of all functions of the device, including the 61131 program, will slow down. This may affect the automation task. Once the network load is removed the ILC will return to normal state.

Solution

Customers using Phoenix Contact ILC 1x1 are recommended to operate the devices in closed networks or protected with a suitable firewall.
For detailed information on our recommendations for measures to protect network-cabable devices, please refer to our application note:

https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf

Reported by

This vulnerability was reported by Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universität Berlin) and Florian Fischer (Hochschule Augsburg)

https://www.usenix.org/system/files/conference/woot18/woot18-paper-niedermaier.pdf