Share: Email | Twitter

ID

VDE-2021-025

Published

2021-06-23 14:19 (CEST)

Last update

2021-06-23 14:19 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No┬░ Product Name Affected Version(s)
1221706 CLOUD CLIENT 1101T-TX/TX < 2.06.5
1234355 CLOUD CLIENT 2002T-4G EU <= 4.5.72.100
1234360 CLOUD CLIENT 2002T-WLAN <= 4.5.72.100
1234357 CLOUD CLIENT 2102T-4G EU WLAN <= 4.5.72.100
1264327 ENERGY AXC PU <= V4.10.0.0
2403160 ILC 2050 BI <= 1.5.1
2404671 ILC 2050 BI-L <= 1.5.1
1264328 SMARTRTU AXC IG <= V1.0.0.0
1110435 SMARTRTU AXC SG <= V1.6.0.1
2702529 TC ROUTER 2002T-3G < 2.06.5
2702531 TC ROUTER 2002T-3G < 2.06.5
2702528 TC ROUTER 3002T-4G < 2.06.5
2702530 TC ROUTER 3002T-4G < 2.06.5
2702533 TC ROUTER 3002T-4G ATT < 2.06.5
2702532 TC ROUTER 3002T-4G VZW < 2.06.5
1234352 TC ROUTER 4002T-4G EU <= 4.5.72.100
1234353 TC ROUTER 4102T-4G EU WLAN <= 4.5.72.100
1234354 TC ROUTER 4202T-4G EU WLAN <= 4.5.72.100

Summary

A Denial of Service and a CA Check Problem have been identified in multiple openSSL 1.1.1 versions, which are utilized in the Phoenix Contact products listed above.

Vulnerabilities



Weakness
Improper Certificate Validation (CWE-295)
Summary
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow ...
Weakness
NULL Pointer Dereference (CWE-476)
Summary
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present ...

Impact

Note: ILC 20250 is only affected by CVE-2021-3449

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection

Remediation

Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.
A fix for ILC 2050, and some TC ROUTER and CLOUD CLIENT devices will be available end of Q2 2021. This advisory will be updated as soon as the fixes are available for download.

Product number Product name Fixed Version
1151412 AXC F 1152 2021.0.5 LTS
2404267 AXC F 2152 2021.0.5 LTS
1069208 AXC F 3152 2021.0.5 LTS
1051328 RFC 4072S 2021.0.5 LTS
1046568 AXC F 2152 Starterkit 2021.0.5 LTS
1188165 PLCnext Technology Starterkit 2021.0.5 LTS
2981974 FL MGUARD DM UNLIMITED 1.13
2702528 TC ROUTER 3002T-4G 2.06.5
2702529 TC ROUTER 2002T-3G 2.06.5
2702530 TC ROUTER 3002T-4G 2.06.5
2702531 TC ROUTER 2002T-3G 2.06.5
2702532 TC ROUTER 3002T-4G VZW 2.06.5
2702533 TC ROUTER 3002T-4G ATT 2.06.5
1221706 CLOUD CLIENT 1101T-TX/TX 2.06.5
1234352 TC ROUTER 4002T-4G EU End of Q2 2021
1234353 TC ROUTER 4102T-4G EU WLAN
1234354 TC ROUTER 4202T-4G EU WLAN
1234355 CLOUD CLIENT 2002T-4G EU
1234360 CLOUD CLIENT 2002T-WLAN
1234357 CLOUD CLIENT 2102T-4G EU WLAN
2403160 ILC 2050 BI
2404671 ILC 2050 BI-L
1110435 SMARTRTU AXC SG
1264328 SMARTRTU AXC IG
1264327 ENERGY AXC PU

Reported by

We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.