
ID

VDE-2021-036

Published

2021-08-04 09:56 (CEST)

Last update

2021-08-04 09:56 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| | Activation Wizard | <= 1.4 |
| 1153509 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1153513 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1086929 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1153516 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1086891 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1153508 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1153520 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1086921 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1086889 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 1086920 | E-Mobility Charging Suite license codes for EV Charging Suite Setup | <= 1.7.3 |
| 2702889 | FL Network Manager | <= 5.0 |
| 1083065 | IOL-CONF | <= 1.7.0 |
| 1046008 | PC Worx Engineer | <= 2021.06 |
| 1165889 | PLCNEXT ENGINEER EDU LIC | <= 2021.06 |

Summary

Please consult the CVE entries above for more details.

Vulnerabilities



Last Update: July 7, 2021, 10:53 a.m.
Weakness: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary: In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.

Last Update: July 7, 2021, 10:53 a.m.
Weakness: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary: In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

Impact

An attacker may use the above-described vulnerabilities to perform a Denial of Service attack.
Phoenix Contact devices using CodeMeter embedded are not affected by these vulnerabilities.

Solution

Temporary Fix / Mitigation

  1. Use general security best practices to protect systems from local and network attacks, as described in the application note AH EN INDUSTRIAL SECURITY.
  2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.
  3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.
  4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.
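
To verify mitigations 2 and 3 on a workstation, the following added example (not part of the original advisory or vendor tooling) parses Windows `netstat -ano` output and reports CodeMeter sockets bound to anything other than a loopback address. The port numbers 22350 (CmLAN) and 22351 (CmWAN) are CodeMeter defaults assumed here, since the advisory does not state them, and the sample output is constructed.

```python
import ipaddress

# Assumed CodeMeter default ports; the advisory itself does not list them.
CODEMETER_PORTS = {22350: "CmLAN", 22351: "CmWAN"}

# Constructed `netstat -ano` output from a hypothetical engineering workstation.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:22350          0.0.0.0:0              LISTENING       3412
  TCP    192.168.10.5:22351     0.0.0.0:0              LISTENING       3412
  TCP    [::1]:22350            [::]:0                 LISTENING       3412
  TCP    192.168.10.5:49812     192.168.10.9:22350     ESTABLISHED     5120
  UDP    0.0.0.0:22350          *:*                                    3412
"""


def exposed_listeners(netstat_text):
    """Return (proto, address, port, service) for CodeMeter sockets that are
    reachable from the network, i.e. not bound to a loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        # Only listening TCP sockets matter; UDP rows have no state column.
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit() or int(port) not in CODEMETER_PORTS:
            continue
        host = host.strip("[]")  # drop IPv6 brackets
        try:
            loopback = ipaddress.ip_address(host.split("%")[0]).is_loopback
        except ValueError:
            loopback = False  # wildcard or unknown form: treat as exposed
        if not loopback:
            findings.append((fields[0], host, int(port), CODEMETER_PORTS[int(port)]))
    return findings


if __name__ == "__main__":
    for proto, addr, port, service in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{service} reachable from the network: {proto} {addr}:{port}")
```

An empty result means CodeMeter is listening on loopback only; any finding should be resolved by disabling the network or CmWAN server, or by restricting the port with a host-based firewall as described above.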


Remediation

PHOENIX CONTACT strongly recommends that affected users upgrade to CodeMeter V7.21a, which fixes these vulnerabilities. Wibu-Systems has already published this update for CodeMeter on their homepage. Since CodeMeter V7.21a has not yet been incorporated into Phoenix Contact products, we strongly recommend downloading and installing the current CodeMeter version directly from the Wibu-Systems homepage.

Reported by

This vulnerability was discovered and reported to WIBU Systems by Tenable.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.