Share: Email | Twitter

ID

VDE-2022-028

Published

2022-06-21 07:18 (CEST)

Last update

2022-06-21 07:18 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
MULTIPROG all versions
ProConOS all versions
ProConOS eCLR all versions

Summary

ProConOS/ProConOS eCLR designed for use in closed industrial networks provide communication protocols without authentication.

Please also refer the original ICS-CERT advisory ICSA-15-013-03 published 13 January 2015.


Last Update:

June 15, 2022, 2:05 p.m.

Weakness

Credentials Management Errors  (CWE-255) 

Summary

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.


Impact

The identified vulnerability allows for unauthenticated users to modify programs in some controllers that are utilizing ProConOS/ProConOS eCLR and MULTIPROG products. Attackers who reengineer the communication protocols and have network or physical controller access can exploit this vulnerability. This vulnerability affects all versions of ProConOS/ProConOS eCLR and MULTIPROG from Phoenix Contact Software (formerly KW-Software).

Solution

Mitigation

Manufacturers using ProConOS/ProConOS eCLR in their automation devices are advised to check their implementation and may publish an advisory according to their product.

Users of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems may check if their application requires additional security measures like an adequate defense– in-depth networking architecture, the use of virtual private networks (VPNs) for remote access, as well as the use of firewalls for network segmentation or controller isolation. Users should check their manufacturers security advisories for more adequate information according to their dedicated device.

Generic information and recommendations for security measures to protect network-capable
devices can be found in the application note.

Reported by

This vulnerability was reported by Reid Wightman of Digital Bond and re-discovered by Forescout.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.