PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS)

A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.

VDE-2019-007 (2019-03-25 12:45 UTC+0100)

CVE Identifier

CVE-2019-9743

Severity

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Affected Vendors

Phoenix Contact

Affected Products

RAD-80211-XD (2885728)
RAD-80211-XD/HP-BUS (2900047)

Vulnerability Type

Improper Neutralization of Special Elements used in a Command (CWE-77)

Summary

A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.

Impact

If vulnerability is exploited, the attacker may execute system level commands at will with administrative privileges.

Solution

Temporary Fix / Mitigation

Customers using Phoenix Contact 802-11XD radio modules are recommended to operate the devices in closed networks or protected with a suitable firewall.

For detailed information on our recommendations for measures to protect network-capable devices, please refer to the application note:
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf

Remediation

The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned customers upgrade to the active FL WLAN product line.

Reported by

Maxim Rupp (rupp.it)