AXC F 2152 (2404267)
Starterkit - AXC F 2152 (1046568)
Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x
see CVEs for details.
Update to Firmware Release 2019.0 LTS or later.
Update to PLCnext Engineer Release 2019.0 LTS or later.
Update A, 30.08.2019
With Firmware Release 2019.6 an option was added to the web-based
management that allows the user to permanently disable storage of configuration data to the
SD-Card. The device can now be operated without SD-Card and ignores any inserted SD-Card.
We recommend using this new configuration option for application scenarios where physical
access to the device cannot be restricted effectively.
Customers using Phoenix Contact AXC F 2152 are recommended to operate the devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
“Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY “Measures to protect network-capable devices with Ethernet connection against unauthorized access”
These vulnerabilities were discovered with the support of firmwareanalyzer.com
Zahra Khani (Firmalyzer SPRL) and the OPC Foundation.