|Article No°||Product Name||Affected Version(s)|
|1151412||AXC F 1152||< 2021.0.5 LTS|
|2404267||AXC F 2152||< 2021.0.5 LTS|
|1046568||AXC F 2152 Starterkit||< 2021.0.5 LTS|
|1069208||AXC F 3152||< 2021.0.5 LTS|
|1188165||PLCnext Technology Starterkit||< 2021.0.5 LTS|
|1051328||RFC 4072S||< 2021.0.5 LTS|
A device on the same network as the controller sending a special crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20).
The CVSS score has been raised from 7.7 (CVSS:3.0:AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) to 9.1 (CVSS:3.0:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
An attacker could potentially script this request and create a denial of service attack condition.
Temporary Fix / Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability.
|Article no||Article||Fixed version|
|1151412||AXC F 1152||Download|
|2404267||AXC F 2152||Download|
|1069208||AXC F 3152||Download|
|1046568||AXC F 2152 Starterkit||Download|
|1188165||PLCnext Technology Starterkit||Download|
The vulnerability was discovered by Oliver Carrigan of Dionach.
We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.