
ID

VDE-2021-021

Published

2021-06-23 14:15 (CEST)

Last update

2021-06-23 14:15 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.  Product Name                  Affected Version(s)
2702782      AXL F BK EIP EF               (HW < 01) < 1.30
2688394      AXL F BK EIP                  (HW < 05) < 1.30
2688459      AXL F BK ETH                  (HW < 05) < 1.30
2702177      AXL F BK ETH NET2             all versions
2701949      AXL F BK ETH XC               (HW < 05) < 1.30
2701815      AXL F BK PN                   all versions
2403869      AXL F BK PN TPS               (HW < 02) < 1.30
1068857      AXL F BK PN TPS XC            (HW < 01) < 1.30
2701222      AXL F BK PN XC                all versions
2701686      AXL F BK S3                   (HW < 05) < 1.40
2701457      AXL F BK SAS                  all versions
2897758      IL EIP BK DI8 DO4 2TX-PAC     all versions
2703981      IL ETH BK DI8 DO4 2TX-PAC     all versions
2701388      IL ETH BK DI8 DO4 2TX-XC-PAC  all versions
2878379      IL PN BK DI8 DO4 2SCRJ-PAC    all versions
2703994      IL PN BK DI8 DO4 2TX-PAC      all versions
2403696      IL PN BK-PAC                  all versions
2692380      IL S3 BK DI8 DO4 2TX-PAC      all versions

Summary

An undocumented, password-protected FTP access to the root directory exists in certain devices of the AXL F BK and IL BK product families (CWE-798).


Last Update:

7 July 2021 13:14

Weakness

Use of Hard-coded Credentials (CWE-798)

Summary

In certain devices of the Phoenix Contact AXL F BK and IL BK product families, an undocumented, password-protected FTP access to the root directory exists.

Impact

An attacker who obtains the hard-coded FTP password could log in to the FTP area and read the device's scrambled monitoring information.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protecting them with a suitable firewall. For detailed information on our recommended measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection

Remediation

For the following devices, a firmware update is available that disables the above-mentioned undocumented FTP access. PHOENIX CONTACT recommends upgrading these devices to the latest firmware.

Article No.  Article             Fixed Version       FW Download
1068857      AXL F BK PN TPS XC  FW > 1.30, HW 01    Link
2403869      AXL F BK PN TPS     FW > 1.30, HW 02    Link
2688394      AXL F BK EIP        FW > 1.30, HW 05    Link
2702782      AXL F BK EIP EF     FW > 1.30, HW 01    Link
2688459      AXL F BK ETH        FW > 1.30, HW 05    Link
2701949      AXL F BK ETH XC     FW > 1.30, HW 05    Link
2701686      AXL F BK S3         FW > 1.40, HW 05    End Q4 2021

Reported by

This vulnerability was discovered by Secuvera.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.