| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 1221706 | CLOUD CLIENT 1101T-TX/TX | < 2.06.10 |
| 2702886 | TC CLOUD CLIENT 1002-4G | < 2.07.2 |
| 2702888 | TC CLOUD CLIENT 1002-4G ATT | < 2.07.2 |
| 2702887 | TC CLOUD CLIENT 1002-4G VZW | < 2.07.2 |
| 2702528 | TC ROUTER 3002T-4G | < 2.07.2 |
| 2702533 | TC ROUTER 3002T-4G ATT | < 2.07.2 |
| 2702532 | TC ROUTER 3002T-4G VZW | < 2.07.2 |
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Multiple issues have been identified for the affected devices. Please consult the CVEs for details.
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note.
Measures to protect network-capable devices with Ethernet connection
Remediation
Phoenix Contact strongly recommends updating to the latest available firmware version, which fixes these vulnerabilities.
These vulnerabilities were discovered by A. Resanovic and S. Stockinger at St. Pölten UAS and coordinated by T. Weber of CyberDanube Security Research.
CERT@VDE coordinated with PHOENIX CONTACT.