Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK

Published

2020-03-16 00:00:00 UTC

Summary

BOSCH-SA-645125: The S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin [1] about a weakness in the web-based administration interface for managing the device properties. By exploiting the vulnerability the device can be put into a state in which network queries are no longer answered. To restore the device to a proper state it must be restarted. The vulnerability affects all available hardware revisions and all software versions.