
ID

VDE-2021-023

Published

2021-06-23 14:17 (CEST)

Last update

2021-07-07 13:19 (CEST)

Vendor(s)

PHOENIX CONTACT

Product(s)

Product number | Product name | Firmware version
2700996 | FL SWITCH SMCS 16TX | <= 4.70
2700997 | FL SWITCH SMCS 14TX/2FX | <= 4.70
2701466 | FL SWITCH SMCS 14TX/2FX-SM | <= 4.70
2891123 | FL SWITCH SMCS 8GT | <= 4.70
2891479 | FL SWITCH SMCS 6GT/2SFP | <= 4.70
2989103 | FL SWITCH SMCS 8TX-PN | <= 4.70
2989093 | FL SWITCH SMCS 4TX-PN | <= 4.70
2989226 | FL SWITCH SMCS 8TX | <= 4.70
2989323 | FL SWITCH SMCS 6TX/2SFP | <= 4.70
2700290 | FL SWITCH SMN 6TX/2POF-PN | <= 4.70
2989501 | FL SWITCH SMN 8TX-PN | <= 4.70
2989543 | FL SWITCH SMN 6TX/2FX | <= 4.70
2989556 | FL SWITCH SMN 6TX/2FX SM | <= 4.70
2989365 | FL NAT SMN 8TX | <= 4.63
2702443 | FL NAT SMN 8TX-M | <= 4.63

Summary

Multiple vulnerabilities have been discovered in the current firmware of the PHOENIX CONTACT FL SWITCH SMCS series switches.

Vulnerabilities



Weakness
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary
In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network ...

Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by ...

Weakness
Improper Resource Shutdown or Release (CWE-404)
Summary
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the ...

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
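
The trigger condition named in the CWE-362 summary above (Urgent flag set, Urgent pointer 0) can be checked for in traffic captured in front of affected switches. The following Python sketch is an added example, not code from this advisory or from the vendor; the function names and the sample packets are constructed for illustration, and it assumes raw IPv4 packets with the link-layer header already removed.

```python
import struct

URG = 0x20  # URG bit in the TCP flags byte (offset 13 of the TCP header)


def urg_with_zero_pointer(ip_packet: bytes) -> bool:
    """True if a raw IPv4 packet carries TCP with URG set and urgent pointer 0."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return False                       # too short or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4        # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 6:      # malformed IHL or not TCP
        return False
    if struct.unpack_from("!H", ip_packet, 6)[0] & 0x1FFF:
        return False                       # later fragment: no TCP header here
    tcp = ip_packet[ihl:]
    if len(tcp) < 20:
        return False                       # truncated TCP header
    urg_ptr = struct.unpack_from("!H", tcp, 18)[0]
    return bool(tcp[13] & URG) and urg_ptr == 0


def build_sample(flags: int, urg_ptr: int, proto: int = 6) -> bytes:
    """Constructed header-only packet for the self-check (checksums left at 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])  # TEST-NET-1
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, urg_ptr)
    return ip + tcp


def flagged(packets: dict) -> list:
    """Names of the packets that match the condition, in input order."""
    return [name for name, raw in packets.items() if urg_with_zero_pointer(raw)]


# Constructed samples, not captured traffic.
SAMPLES = {
    "urg_ptr_0": build_sample(0x38, 0),      # URG|PSH|ACK, pointer 0
    "urg_ptr_5": build_sample(0x38, 5),      # URG set, non-zero pointer
    "no_urg": build_sample(0x18, 0),         # PSH|ACK only
    "udp": build_sample(0x38, 0, proto=17),  # not TCP
}

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

The same predicate can be expressed as a drop or alert rule on the firewall placed in front of the devices, as the mitigation recommends.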

Reported by

These vulnerabilities have been discovered and reported by Anne Borcherding, Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung IOSB.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.