|Article No°||Product Name||Affected Version(s)|
|Emalytics Automation Workbench N4||<= 1.3.0|
|2403160||ILC 2050 BI||<= 1.3.0|
|2404671||ILC 2050 BI-L||<= 1.3.0|
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart to correct.
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 220.127.116.11) to correct.
Successful exploitation of this vulnerability could result in a denial-of-service condition.
Phoenix Contact recommends customers with affected products take the following steps to protect themselves:
• Review and validate the list of users who are authorized and who can authenticate to Emalytics.
• Allow only trained and trusted persons to have physical access to the system, including devices that have connection to the system though the Ethernet port.
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
This vulnerability will be fixed in the regular firmware release (v.1.4.0) which is expected to be available October 2020.
Honeywell reported this vulnerability to CISA.