A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.
In addition, the following improvements have been implemented:
HMI
- Hardening against DoS attacks.
- Hardening against memory leak problems in case of network attacks.
WBM
- Umlauts in the password of the “User Manager” were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.
- Hardening of WBM against Cross-Site-Scripting.
User Manager
- In security notifications “SecurityToken” was always displayed as “0000000” when creating or modifying users.
- Hardening of Trust and Identity Stores.
Two vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is widely used in a lot of products worldwide. An attacker could cause a program to crash, use unexpected values or execute code by exploiting these use-after-free vulnerabilities.
Profinet SDK is using XML parser library Expat as reference solution for loading the XML based Profinet network configuration files (IPPNIO or TIC).
A denial of service of the HTTPS management interface of PHOENIX CONTACT FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.
Manipulated PC Worx or Config+ files could lead to a heap buffer overflow, release of unallocated memory or a read access violation due to insufficient validation of input data.
The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.
Update A, 2022-11-14
UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022)
Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements.
PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.
ProConOS/ProConOS eCLR designed for use in closed industrial networks provide communication protocols without authentication.
Please also refer the original ICS-CERT advisory ICSA-15-013-03 published 13 January 2015.