AXC 1050 XC
FC 350 PCI ETH
ILC 1x1 GSM/GPRS
PC WORX RT BASIC
PC WORX SRT
RFC 430 ETH-IB
RFC 450 ETH-IB
RFC 460R PN 3TX
RFC 460R PN 3TX-S
RFC 470 PN 3TX
RFC 470S PN 3TX
RFC 480S PN 4TX
The affected devices insufficiently verify uploaded data.
An attacker capable of either transmitting manipulated logic or manipulating legitimate logic can execute arbitrary malicious code on the device.
Phoenix Contact classic line controllers are designed and developed for use in closed industrial networks. By design, the controllers do not feature logic integrity and authenticity checks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Customers using Phoenix Contact classic line controllers are advised to operate the devices as intended, in closed networks or protected by a suitable firewall.
Generic information and recommendations for security measures to protect network-capable devices can be found in the application note.
This vulnerability was reported by Forescout.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.