|Article no||Article||Affected versions||Fixed version|
|1151412||AXC F 1152||< 2021.0.5 LTS||Download|
|2404267||AXC F 2152||< 2021.0.5 LTS||Download|
|1069208||AXC F 3152||< 2021.0.5 LTS||Download|
|1051328||RFC 4072S||< 2021.0.5 LTS||Download|
|1046568||AXC F 2152 Starterkit||< 2021.0.5 LTS||Download|
|1188165||PLCnext Technology Starterkit||< 2021.0.5 LTS||Download|
A device on the same network as the controller sending a special crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20).
The CVSS score has been raised from 7.7 (CVSS:3.0:AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) to 9.1 (CVSS:3.0:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
An attacker could potentially script this request and create a denial of service attack condition.
Temporary Fix / Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability.
The vulnerability was discovered by Oliver Carrigan of Dionach.
We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.