
ID

VDE-2021-023

Published

2021-06-23 14:17 (CEST)

Last update

2021-06-23 14:17 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| 2989365 | FL NAT SMN 8TX | <= 4.63 |
| 2702443 | FL NAT SMN 8TX-M | <= 4.63 |
| 2700997 | FL SWITCH SMCS 14TX/2FX | <= 4.70 |
| 2701466 | FL SWITCH SMCS 14TX/2FX-SM | <= 4.70 |
| 2700996 | FL SWITCH SMCS 16TX | <= 4.70 |
| 2989093 | FL SWITCH SMCS 4TX-PN | <= 4.70 |
| 2891479 | FL SWITCH SMCS 6GT/2SFP | <= 4.70 |
| 2989323 | FL SWITCH SMCS 6TX/2SFP | <= 4.70 |
| 2891123 | FL SWITCH SMCS 8GT | <= 4.70 |
| 2989226 | FL SWITCH SMCS 8TX | <= 4.70 |
| 2989103 | FL SWITCH SMCS 8TX-PN | <= 4.70 |
| 2989543 | FL SWITCH SMN 6TX/2FX | <= 4.70 |
| 2989556 | FL SWITCH SMN 6TX/2FX SM | <= 4.70 |
| 2700290 | FL SWITCH SMN 6TX/2POF-PN | <= 4.70 |
| 2989501 | FL SWITCH SMN 8TX-PN | <= 4.70 |

Summary

Multiple vulnerabilities have been discovered in the current firmware of the PHOENIX CONTACT FL SWITCH SMCS series switches.

Vulnerabilities

Last Update
7 July 2021 13:17
Weakness
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary
In multiple versions of Phoenix Contact FL SWITCH SMCS series products, the network stack crashes if an attacker sends a hand-crafted TCP packet with the urgent flag (URG) set and the urgent pointer set to 0. The device needs to be rebooted afterwards.

Last Update
7 July 2021 13:17
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
In multiple versions of Phoenix Contact FL SWITCH SMCS series products, an attacker may insert malicious code via LLDP frames into the web-based management, which could then be executed by the client.

Last Update
7 July 2021 13:17
Weakness
Improper Resource Shutdown or Release (CWE-404)
Summary
In multiple versions of Phoenix Contact FL SWITCH SMCS series products, fragmented TCP packets may cause a denial of service of the web, SNMP and ICMP echo services. The switching functionality of the device is not affected.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
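
A passive monitoring check to go with the firewall recommendation, as an added example that is not part of the advisory or Phoenix Contact's code: it parses raw IPv4 packets and flags the urgent-flag/zero-pointer condition and fragmented TCP traffic named in the vulnerability summaries. The function names, finding labels and sample packets (documentation addresses 192.0.2.x) are constructed, and reading "fragmented TCP packets" as IPv4 fragmentation is an assumption.

```python
import struct

URG = 0x20  # URG bit in the TCP flags byte


def inspect_ipv4(pkt: bytes) -> list:
    """Return finding names for one raw IPv4 packet (no link-layer header)."""
    findings = []
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return findings
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl or pkt[9] != 6:  # malformed or not TCP
        return findings
    frag = struct.unpack("!H", pkt[6:8])[0]
    more_fragments, offset = bool(frag & 0x2000), frag & 0x1FFF
    # Assumption: "fragmented TCP packets" means IPv4 fragmentation.
    if more_fragments or offset:
        findings.append("ipv4-fragmented-tcp")
    if offset:  # later fragment: the TCP header is not in this packet
        return findings
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return findings
    urg_ptr = struct.unpack("!H", tcp[18:20])[0]
    if tcp[13] & URG and urg_ptr == 0:
        findings.append("tcp-urg-with-zero-pointer")
    return findings


def sample_packet(flags: int, urg_ptr: int, frag: int = 0) -> bytes:
    """Constructed test input: IPv4 + TCP headers only, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags,
                      1024, 0, urg_ptr)
    return ip + tcp


if __name__ == "__main__":
    cases = {
        "ACK only": sample_packet(0x10, 0),
        "URG+ACK, pointer 5": sample_packet(0x30, 5),
        "URG+ACK, pointer 0": sample_packet(0x30, 0),
        "first fragment (MF set)": sample_packet(0x10, 0, 0x2000),
    }
    for name, pkt in cases.items():
        print(f"{name}: {inspect_ipv4(pkt) or 'clean'}")
```

Feed it packets captured on the management VLAN of the affected switches; a hit is a reason to review the firewall rules in front of the device, not proof of an attack.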

Reported by

These vulnerabilities have been discovered and reported by Anne Borcherding, Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung IOSB.
We appreciate the coordinated disclosure of these vulnerabilities by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.