PHOENIX CONTACT : Security Advisory for AXL F BK and IL BK products

Undocumented password-protected FTP access in certain devices of the AXL F BK and IL BK product families.

VDE-2021-021 (2021-06-23 14:14 UTC+0200)

CVE Identifier

CVE-2021-33540

Affected Vendors

Phoenix Contact

Affected Products

Product number | Product name                  | Affected firmware / hardware revision
1068857        | AXL F BK PN TPS XC            | FW < 1.30, HW < 01
2403869        | AXL F BK PN TPS               | FW < 1.30, HW < 02
2688394        | AXL F BK EIP                  | FW < 1.30, HW < 05
2702782        | AXL F BK EIP EF               | FW < 1.30, HW < 01
2688459        | AXL F BK ETH                  | FW < 1.30, HW < 05
2701949        | AXL F BK ETH XC               | FW < 1.30, HW < 05
2701686        | AXL F BK S3                   | FW < 1.40, HW < 05
2701815        | AXL F BK PN                   | all revisions
2701222        | AXL F BK PN XC                | all revisions
2702177        | AXL F BK ETH NET2             | all revisions
2701457        | AXL F BK SAS                  | all revisions
2403696        | IL PN BK-PAC                  | all revisions
2703994        | IL PN BK DI8 DO4 2TX-PAC      | all revisions
2878379        | IL PN BK DI8 DO4 2SCRJ-PAC    | all revisions
2701388        | IL ETH BK DI8 DO4 2TX-XC-PAC  | all revisions
2703981        | IL ETH BK DI8 DO4 2TX-PAC     | all revisions
2897758        | IL EIP BK DI8 DO4 2TX-PAC     | all revisions
2692380        | IL S3 BK DI8 DO4 2TX-PAC      | all revisions

Summary

An undocumented, password-protected FTP access to the root directory exists in certain devices of the AXL F BK and IL BK product families (CWE-798: Use of Hard-coded Credentials).

Impact

An attacker who obtains the hard-coded FTP password can log in to the FTP service and read the scrambled monitoring information stored on the device.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protecting them with a suitable firewall. For detailed information on the recommended measures to protect network-capable devices, please refer to the application note:
Measures to protect network-capable devices with Ethernet connection

Remediation

For the following devices a firmware update that disables the above-mentioned undocumented FTP access is available (for AXL F BK S3 it is announced for the end of Q4 2021, see table). PHOENIX CONTACT recommends upgrading these devices to the latest firmware.

Article No | Article             | Fixed version            | FW download
1068857    | AXL F BK PN TPS XC  | FW 1.30 or later, HW 01  | available
2403869    | AXL F BK PN TPS     | FW 1.30 or later, HW 02  | available
2688394    | AXL F BK EIP        | FW 1.30 or later, HW 05  | available
2702782    | AXL F BK EIP EF     | FW 1.30 or later, HW 01  | available
2688459    | AXL F BK ETH        | FW 1.30 or later, HW 05  | available
2701949    | AXL F BK ETH XC     | FW 1.30 or later, HW 05  | available
2701686    | AXL F BK S3         | FW 1.40 or later, HW 05  | planned for end of Q4 2021
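The two tables above (affected products and fixed firmware versions) are what an operator has to check an asset inventory against. The following script is an added example and is not code from Phoenix Contact or CERT@VDE: it transcribes the advisory's product matrix into a lookup and classifies each inventory record as not listed, affected with a fixed version to update to, affected in all revisions with no fix listed, fixed, or unknown. It assumes that a device is affected when its firmware is below the fixed version (the remediation is a firmware update, so the hardware revision column is treated as informational only), and the inventory records and their field names are constructed sample data, not real devices.

```python
"""Inventory check against the affected-product matrix of VDE-2021-021 (CVE-2021-33540).

Added example; not code from Phoenix Contact or CERT@VDE. The product matrix
is transcribed from the advisory tables; the inventory records below are
constructed sample data and the field names are assumptions.
"""
from typing import Dict, List, Optional, Tuple

# Article number -> firmware version from which the undocumented FTP access is
# disabled, or None where the advisory lists the product as affected in all
# revisions with no fix announced. Versions are (major, minor) tuples.
# Assumption: a device is affected when its firmware is below the fixed
# version; the hardware revision is informational only, since the fix is a
# firmware update.
FIXED_FIRMWARE: Dict[str, Optional[Tuple[int, int]]] = {
    "1068857": (1, 30),  # AXL F BK PN TPS XC
    "2403869": (1, 30),  # AXL F BK PN TPS
    "2688394": (1, 30),  # AXL F BK EIP
    "2702782": (1, 30),  # AXL F BK EIP EF
    "2688459": (1, 30),  # AXL F BK ETH
    "2701949": (1, 30),  # AXL F BK ETH XC
    "2701686": (1, 40),  # AXL F BK S3 (update announced for end of Q4 2021)
    "2701815": None,     # AXL F BK PN
    "2701222": None,     # AXL F BK PN XC
    "2702177": None,     # AXL F BK ETH NET2
    "2701457": None,     # AXL F BK SAS
    "2403696": None,     # IL PN BK-PAC
    "2703994": None,     # IL PN BK DI8 DO4 2TX-PAC
    "2878379": None,     # IL PN BK DI8 DO4 2SCRJ-PAC
    "2701388": None,     # IL ETH BK DI8 DO4 2TX-XC-PAC
    "2703981": None,     # IL ETH BK DI8 DO4 2TX-PAC
    "2897758": None,     # IL EIP BK DI8 DO4 2TX-PAC
    "2692380": None,     # IL S3 BK DI8 DO4 2TX-PAC
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.30', 'V1.30' or '1.30.02' into a comparable integer tuple."""
    cleaned = text.strip().lstrip("vV")
    return tuple(int(part) for part in cleaned.split("."))


def classify(article: str, firmware: Optional[str]) -> str:
    """Classify one device against the advisory.

    Returns one of:
      'not listed'               article number not in the advisory
      'affected, no fix listed'  product affected in all revisions
      'unknown firmware'         listed product, firmware missing from inventory
      'affected, update to X'    firmware below the fixed version X
      'fixed'                    firmware at or above the fixed version
    """
    if article not in FIXED_FIRMWARE:
        return "not listed"
    fixed = FIXED_FIRMWARE[article]
    if fixed is None:
        return "affected, no fix listed"
    if not firmware:
        return "unknown firmware"
    # Render (1, 30) as '1.30' so the status names the version to install.
    fixed_text = ".".join(f"{p:02d}" if i else str(p) for i, p in enumerate(fixed))
    if parse_version(firmware) < fixed:
        return f"affected, update to {fixed_text}"
    return "fixed"


def check_inventory(records: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (name, article, status) for every device in an inventory export."""
    return [
        (r.get("name", "?"), r["article"], classify(r["article"], r.get("firmware")))
        for r in records
    ]


# Constructed sample inventory (hypothetical device names, not real assets).
SAMPLE_INVENTORY = [
    {"name": "bk-line1", "article": "2688459", "firmware": "1.21"},
    {"name": "bk-line2", "article": "2688459", "firmware": "V1.30"},
    {"name": "bk-line3", "article": "2701686", "firmware": "1.30"},
    {"name": "bk-cell4", "article": "2701815", "firmware": "1.05"},
    {"name": "bk-cell5", "article": "2403869", "firmware": ""},
    {"name": "other",    "article": "9999999", "firmware": "3.01"},
]

if __name__ == "__main__":
    for name, article, status in check_inventory(SAMPLE_INVENTORY):
        print(f"{name:10} {article}  {status}")
```

Devices reported as "affected, no fix listed" or "unknown firmware" are the ones the network-isolation and firewall measures in the Temporary Fix section apply to; the product matrix is keyed on the article number because the product names are not unique between hardware variants.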

Reported by

This vulnerability was discovered by Secuvera.
We appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.