
ID

VDE-2021-029

Published

2021-08-04 09:58 (CEST)

Last update

2021-09-07 16:17 (CEST)

Vendor(s)

PHOENIX CONTACT

Product(s)

Article no | Article | Affected versions | Fixed version
1151412 | AXC F 1152 | < 2021.0.5 LTS | Download
2404267 | AXC F 2152 | < 2021.0.5 LTS | Download
1069208 | AXC F 3152 | < 2021.0.5 LTS | Download
1051328 | RFC 4072S | < 2021.0.5 LTS | Download
1046568 | AXC F 2152 Starterkit | < 2021.0.5 LTS | Download
1188165 | PLCnext Technology Starterkit | < 2021.0.5 LTS | Download

Summary

A device on the same network as the controller that sends a specially crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20).

UPDATE A

The CVSS score has been raised from 7.7 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) to 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).


Weakness

Improper Input Validation (CWE-20)

Summary

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests.

Impact

An attacker could potentially script this request and create a denial-of-service condition.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection

Remediation

Phoenix Contact recommends that affected users upgrade to the current firmware 2021.0.5 LTS or higher, which fixes this vulnerability.
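
To find controllers that still need this upgrade, the following added example (not code from Phoenix Contact or CERT@VDE) checks an asset inventory against the article numbers and fixed version listed above. The inventory rows and their format are constructed, and it assumes firmware is reported as a dotted version string such as "2021.0.5 LTS".

```python
import re

# Article numbers and fixed release taken from the advisory's product table.
AFFECTED_ARTICLES = {
    "1151412": "AXC F 1152",
    "2404267": "AXC F 2152",
    "1069208": "AXC F 3152",
    "1051328": "RFC 4072S",
    "1046568": "AXC F 2152 Starterkit",
    "1188165": "PLCnext Technology Starterkit",
}
FIXED = (2021, 0, 5)

# Constructed sample inventory (assumed format: article no, host, firmware string).
SAMPLE_INVENTORY = [
    ("2404267", "plc-line1", "2020.6.1"),
    ("1069208", "plc-line2", "2021.0.5 LTS"),
    ("1151412", "plc-lab", "2021.0.3 LTS"),
    ("1051328", "safety-1", "unknown"),
    ("9999999", "other-device", "1.0.0"),
]

def parse_version(text):
    """Return (major, minor, patch) from a string such as '2021.0.5 LTS', or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(article, firmware):
    """Classify one inventory row against the advisory."""
    if article not in AFFECTED_ARTICLES:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # needs manual review; do not assume it is safe
    return "vulnerable" if version < FIXED else "fixed"

def report(inventory):
    """Map each host name to its classification."""
    return {host: classify(article, fw) for article, host, fw in inventory}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Rows reported as "vulnerable" or "unknown-version" are the ones to schedule for the firmware upgrade or to confirm are isolated as described under Temporary Fix / Mitigation.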

Reported by

The vulnerability was discovered by Oliver Carrigan of Dionach.
We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.