Share: Email | Twitter

ID

VDE-2021-029

Published

2021-08-04 09:58 (CEST)

Last update

2021-11-09 13:49 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No┬░ Product Name Affected Version(s)
1151412 AXC F 1152 < 2021.0.5 LTS
2404267 AXC F 2152 < 2021.0.5 LTS
1046568 AXC F 2152 Starterkit < 2021.0.5 LTS
1069208 AXC F 3152 < 2021.0.5 LTS
1188165 PLCnext Technology Starterkit < 2021.0.5 LTS
1051328 RFC 4072S < 2021.0.5 LTS

Summary

A device on the same network as the controller sending a special crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20).

UPDATE A

The CVSS score has been raised from 7.7 (CVSS:3.0:AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) to 9.1 (CVSS:3.0:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)


Weakness

Improper Input Validation  (CWE-20) 

Summary

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

Impact

An attacker could potentially script this request and create a denial of service attack condition.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection

Remediation

Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability.

Article no Article Fixed version
1151412 AXC F 1152 Download
2404267 AXC F 2152 Download
1069208 AXC F 3152 Download
1051328 RFC 4072S Download
1046568 AXC F 2152 Starterkit Download
1188165 PLCnext Technology Starterkit Download

Reported by

The vulnerability was discovered by Oliver Carrigan of Dionach.
We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.