Article No. | Product Name | Affected Version(s) |
---|---|---|
1151412 | AXC F 1152 | < 2021.0.5 LTS |
2404267 | AXC F 2152 | < 2021.0.5 LTS |
1046568 | AXC F 2152 Starterkit | < 2021.0.5 LTS |
1069208 | AXC F 3152 | < 2021.0.5 LTS |
1188165 | PLCnext Technology Starterkit | < 2021.0.5 LTS |
1051328 | RFC 4072S | < 2021.0.5 LTS |
A device on the same network as the controller sending a specially crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20).
UPDATE A
The CVSS score has been raised from 7.7 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) to 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).
An attacker could potentially script this request and create a denial-of-service condition.
Temporary Fix / Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Remediation
Phoenix Contact recommends that affected users upgrade to the current firmware 2021.0.5 LTS or higher, which fixes this vulnerability.
Article No. | Article | Fixed version |
---|---|---|
1151412 | AXC F 1152 | Download |
2404267 | AXC F 2152 | Download |
1069208 | AXC F 3152 | Download |
1051328 | RFC 4072S | Download |
1046568 | AXC F 2152 Starterkit | Download |
1188165 | PLCnext Technology Starterkit | Download |
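The two checks an asset owner typically wants from this advisory are (1) which inventoried devices are still on an affected firmware and (2) whether the /auth/access-token endpoint is being reached from hosts outside the closed or firewalled network the mitigation section describes. The following Python script is an added example written for this page; it is not Phoenix Contact or CERT@VDE code. The article numbers and the fixed version 2021.0.5 LTS come from the tables above; the access-log layout (client IP, method, path, status), the sample log lines and the allowed management subnet are constructed assumptions, not the controller's real log format.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# Fixed firmware named in the advisory; anything below it on a listed article is affected.
FIXED_VERSION = (2021, 0, 5)

# Article numbers and product names from the advisory's affected-product table.
AFFECTED_ARTICLES: Dict[str, str] = {
    "1151412": "AXC F 1152",
    "2404267": "AXC F 2152",
    "1046568": "AXC F 2152 Starterkit",
    "1069208": "AXC F 3152",
    "1188165": "PLCnext Technology Starterkit",
    "1051328": "RFC 4072S",
}

# Accepts strings such as "2021.0.5 LTS" or "2021.0.4"; the LTS suffix is optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\s+LTS)?$")


def parse_firmware(version: str) -> Tuple[int, ...]:
    """Turn a firmware string into a tuple that compares numerically, not lexically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(article_no: str, firmware: str) -> bool:
    """True if the article is listed in the advisory and its firmware is below 2021.0.5 LTS."""
    if article_no not in AFFECTED_ARTICLES:
        return False
    return parse_firmware(firmware) < FIXED_VERSION


# Constructed sample access log (assumed layout: client_ip method path status), one request per line.
SAMPLE_LOG = """\
10.10.5.20 POST /auth/access-token 200
10.10.5.21 GET /status 200
192.168.77.9 POST /auth/access-token 400
192.168.77.9 POST /auth/access-token 400
10.10.5.20 POST /auth/access-token 200
"""

_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def token_requests_from_outside(log_text: str, allowed_nets: Iterable[str]) -> List[Tuple[str, int]]:
    """Count /auth/access-token requests per client IP that is not inside an allowed network.

    Any non-empty result means the endpoint is reachable from beyond the intended closed
    network and the firewall mitigation is not in place or is misconfigured.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    counts: Dict[str, int] = {}
    for line in log_text.splitlines():
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        client, _method, path, _status = m.groups()
        if path != "/auth/access-token":
            continue
        ip = ipaddress.ip_address(client)
        if any(ip in net for net in nets):
            continue  # request came from the allowed management network
        counts[client] = counts.get(client, 0) + 1
    return sorted(counts.items())


if __name__ == "__main__":
    # Constructed inventory: (article number, firmware string reported by the device).
    inventory = [("1151412", "2021.0.4 LTS"), ("1051328", "2021.0.5 LTS"), ("1069208", "2020.6.0")]
    for article, fw in inventory:
        state = "AFFECTED" if is_affected(article, fw) else "ok"
        print(f"{article} {AFFECTED_ARTICLES[article]:32} {fw:14} {state}")
    for client, n in token_requests_from_outside(SAMPLE_LOG, ["10.10.5.0/24"]):
        print(f"/auth/access-token reached from outside allowed network: {client} ({n} requests)")
```

The version comparison deliberately parses into integers: comparing "2021.0.10" and "2021.0.5" as strings would wrongly rank the older release as newer. The log check is a coarse reachability test rather than an exploit signature, since the advisory does not describe the malformed request itself; it only tells you whether the endpoint is exposed beyond the network the mitigation assumes.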
The vulnerability was discovered by Oliver Carrigan of Dionach.
We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.