Share: Email | Twitter

ID

VDE-2021-021

Published

2021-06-23 14:15 (CEST)

Last update

2021-06-23 14:15 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
2702782 AXL F BK EIP EF (HW < 01) < 1.30
2688394 AXL F BK EIP (HW < 05) < 1.30
2688459 AXL F BK ETH (HW < 05) < 1.30
2702177 AXL F BK ETH NET2 all versions
2701949 AXL F BK ETH XC (HW < 05) < 1.30
2701815 AXL F BK PN all versions
2403869 AXL F BK PN TPS (HW < 02) < 1.30
1068857 AXL F BK PN TPS XC (HW < 01) < 1.30
2701222 AXL F BK PN XC all versions
2701686 AXL F BK S3 (HW < 05) < 1.40
2701457 AXL F BK SAS all versions
2897758 IL EIP BK DI8 DO4 2TX-PAC all versions
2703981 IL ETH BK DI8 DO4 2TX-PAC all versions
2701388 IL ETH BK DI8 DO4 2TX-XC-PAC all versions
2878379 IL PN BK DI8 DO4 2SCRJ-PAC all versions
2703994 IL PN BK DI8 DO4 2TX-PAC all versions
2403696 IL PN BK-PAC all versions
2692380 IL S3 BK DI8 DO4 2TX-PAC all versions

Summary

An undocumented password protected FTP access to the root directory exists in certain devices of the AXL F BK and IL BK product families (CWE-798).


Weakness

Use of Hard-coded Credentials  (CWE-798) 

Summary

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.

Impact

An attacker who was able to obtain the hard-coded password to FTP access could access the FTP area and read the scrambled monitoring information of the device.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection

Remediation

For the following devices a firmware update is available that disabled the above-mentioned undocumented FTP access. PHOENIX CONTACT recommends upgrading these devices to the latest firmware.

Article No Article  Fixed Version FW Download
1068857 AXL F BK PN TPS XC FW > 1.30, HW 01 Link
2403869 AXL F BK PN TPS FW > 1.30, HW 02 Link
2688394 AXL F BK EIP FW > 1.30, HW 05 Link
2702782 AXL F BK EIP EF FW > 1.30, HW 01 Link
2688459 AXL F BK ETH FW > 1.30, HW 05 Link
2701949 AXL F BK ETH XC FW > 1.30, HW 05 Link
2701686 AXL F BK S3 FW > 1.40, HW 05 End Q4 2021

Reported by

This vulnerability was discovered by Secuvera.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.