PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS)
VDE-2019-007 (2019-03-25 12:45 UTC+0100)
CVE Identifier
CVE-2019-9743Affected Vendors
Phoenix Contact
Affected Products
RAD-80211-XD (2885728)
RAD-80211-XD/HP-BUS (2900047)
Vulnerability Type
Improper Neutralization of Special Elements used in a Command (CWE-77)
Summary
A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.
Impact
If vulnerability is exploited, the attacker may execute system level commands at will with administrative privileges.
Solution
Temporary Fix / Mitigation
Customers using Phoenix Contact 802-11XD radio modules are recommended to operate the devices in closed networks or protected with a suitable firewall.
For detailed information on our recommendations for measures to protect network-capable devices, please refer to the application note:
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf
Remediation
The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned customers upgrade to the active FL WLAN product line.
Reported by
Maxim Rupp (rupp.it)