PHOENIX CONTACT Security Advisory for Industrial Controllers ILC1x0, ILC1x1, AXC1050 and AXC3050

VDE-2019-015 (2019-06-28 09:21 UTC+0200)

CVE Identifier

CVE-2019-9201

Affected Vendors

PHOENIX CONTACT

Affected Products

Article Article number
ILC1x0 All variants
ILC1X1 All variants
AXC1050 2700988
AXC3050 2700989

Vulnerability Type

Authentication Issues (CWE-287)

Summary

Phoenix Contact Classic Line industrial controllers (ILC1x0 and ILC1x1 product families as well as the AXIOLINE controllers AXC1050 and AXC3050) are developed and designed for the use in closed industrial networks. The communication protocols used for device management and configuration do not feature authentication measures.

Impact

If the affected controllers are used in an unprotected open network, an unauthorized attacker can change or download the device configuration, start or stop services, update or modify the firmware or shutdown the device.

Solution

Temporary Fix / Mitigation

If the use of an affected controller in an unprotected open network cannot be avoided, the affected communication protocols should be disabled by using the CPU services via console. Instructions to CPU services can be found in the manual to the respective device which is available for download at the Phoenix Contact website.

Warning: Disabling the communication protocols will prevent the possibility of remote configuration and monitoring.


For the GSM/GPRS enabled ILC 151 GSM/GPRS (Art. No. 2700977) it is strongly recommended to use Port Filters and a SIM service that provides and implements a VPN (i.e. CDA).


Customers using Phoenix Contact Classic Line Controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended.

For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:

https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf

Remediation

Phoenix Contact Classic Line Controllers are designed and developed for the use in closed industrial networks. The control and configuration protocols do not feature authentication mechanisms by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.

Reported by

This vulnerability was discovered by Sergiu Sechel.