|Article No°||Product Name||Affected Version(s)|
|2403160||ILC 2050 BI||< 1.2.3|
|2404671||ILC 2050 BI-L||< 1.2.3|
Phoenix Contact Emalytics Controller ILC 2050 BI are developed and designed for the use in protected building automation networks.
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.
If the above-mentioned controllers are used in an unprotected, open network, an unauthorized attacker can change the device configuration and start or stop services.
Phoenix Contact strongly recommends affected users to update to Engineering software Emalytics 1.2.3 or higher and recommission the controllers.
Please note: If this is not possible, please contact us via email at
so that we can provide you with a fixed version.
The updated version is available on the vendors' product page
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY “Measures to protect network-capable devices with Ethernet connection against unauthorized access”
PHOENIX CONTACT reported this to CERT@VDE