Share: Email | Twitter

ID

VDE-2021-036

Published

2021-08-04 09:56 (CEST)

Last update

2021-09-07 10:34 (CEST)

Vendor(s)

PHOENIX CONTACT

Product(s)

Article no Article Affected versions
-- Activation Wizard 1.4 and earlier
1046008 PC Worx Engineer 2021.06 and earlier
1165889 PLCNEXT ENGINEER EDU LIC
(License codes)
2021.06 and earlier
2702889 FL Network Manager 5.0 and earlier
1153509,1153513,
1086929,1153516,
1086891,1153508,
1153520,1086921,
1086889,1086920
E-Mobility Charging Suite license codes
for EV Charging Suite Setup
1.7.3 and earlier
1083065 IOL-CONF 1.7.0 and earlier

Summary

Please consult the CVE entries above for more details.

Vulnerabilities



Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ( CWE-79 )
Summary
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Weakness
Exposure of Sensitive Information to an Unauthorized Actor ( CWE-200 )
Summary
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

Impact

An attacker may use the above-described vulnerabilities to perform a Denial of Service attack.
Phoenix Contact devices using CodeMeter embedded are not affected by these vulnerabilities.

Solution

Temporary Fix / Mitigation

  1. Use general security best practices to protect systems from local and network attacks like described in the application node AH EN INDUSTRIAL SECURITY.
  2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.
  3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.
  4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.


Remediation

PHOENIX CONTACT strongly recommends affected Users to upgrade to Codemeter V7.21a, which fixes these vulnerabilities. Wibu-Systems has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V7.21a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the Wibu-Systems homepage.

Reported by

This vulnerability was discovered and reported to WIBU Systems by Tenable.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.