Article No° | Product Name | Affected Version(s) |
---|---|---|
5147999 | BLUEMARK CLED | all versions |
5147888 | BLUEMARK LED | all versions |
5147777 | BLUEMARK X1 | all versions |
The TCP/IP stack of the networking component (Nucleus NET) in the Nucleus Real-Time Operating System (RTOS) contains several vulnerabilities. Nucleus NET is utilized by BLUEMARK X1 / LED / CLED.
The above-mentioned BLUEMARK printers are discontinued and are impacted by only a subset of 8 of the 13 discovered vulnerabilities.
The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases where the global hostname variable is not defined, this may lead to Out-of-bound ...
The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer ...
Malformed TCP packets with a corrupted SACK option lead to Information Leaks and Denial-of-Service conditions.
The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network ...
When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions.
When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions.
The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions.
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...
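The DHCP findings listed above share one root cause: an option length or terminator taken from the packet is trusted. The following added example (not code from Nucleus NET, Siemens or Phoenix Contact) shows a bounds-checked DHCP option walker in C; the `dhcp_cfg` structure, the buffer sizes and the use of option code 43 for the Vendor option are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_DNS = 6, OPT_HOSTNAME = 12, OPT_END = 255,
       OPT_VENDOR = 43,                 /* assumed code: RFC 2132 vendor-specific info */
       MAX_DNS = 4, MAX_VENDOR = 64 };  /* assumed local buffer sizes */

struct dhcp_cfg {                       /* hypothetical result structure */
    char    hostname[64];
    uint8_t dns[MAX_DNS][4];
    size_t  dns_count;
    uint8_t vendor[MAX_VENDOR];
    size_t  vendor_len;
};

/* Walk the option TLVs; return 0 on success, -1 on any malformed option. */
int parse_dhcp_options(const uint8_t *opt, size_t n, struct dhcp_cfg *out)
{
    size_t i = 0;
    memset(out, 0, sizeof *out);
    while (i < n) {
        uint8_t code = opt[i++];
        if (code == OPT_PAD) continue;           /* pad has no length byte */
        if (code == OPT_END) return 0;
        if (i >= n) return -1;                   /* length byte missing */
        size_t len = opt[i++];
        if (len > n - i) return -1;              /* value runs past the packet */
        switch (code) {
        case OPT_HOSTNAME:                       /* not NUL-terminated on the wire */
            if (len == 0 || len >= sizeof out->hostname) return -1;
            memcpy(out->hostname, opt + i, len);
            out->hostname[len] = '\0';           /* terminate locally */
            break;
        case OPT_DNS:                            /* whole IPv4 addresses only */
            if (len == 0 || len % 4 != 0 || len / 4 > MAX_DNS) return -1;
            memcpy(out->dns, opt + i, len);
            out->dns_count = len / 4;
            break;
        case OPT_VENDOR:                         /* must fit the local buffer */
            if (len > MAX_VENDOR) return -1;
            memcpy(out->vendor, opt + i, len);
            out->vendor_len = len;
            break;
        }
        i += len;
    }
    return -1;                                   /* END option never seen */
}
```

A caller would drop the whole OFFER or ACK when the function returns -1 instead of using a partially parsed configuration.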
BLUEMARK X1 / LED / CLED printers that are only operated via USB interface are not affected.
The known security vulnerabilities and their possible effects are described for the case that the BLUEMARK X1 / LED / CLED is operated via network. The effects listed can only occur if this condition exists. Please refer to the mitigation section for additional protective measures.
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
This vulnerability was discovered and reported to Siemens by Yuval Halaban, Uriel Malin, and Tal Zohar from Medigate and Daniel dos Santos, Amine Amri, and Stanislav Dashevskyi from Forescout Technologies.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
CERT@VDE coordinated with PHOENIX CONTACT.