
ID

VDE-2023-017

Published

2023-08-08 06:00 (CEST)

Last update

2023-07-31 13:14 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.   Product Name                   Affected Version(s)
1221706       CLOUD CLIENT 1101T-TX/TX       < 2.06.10
2702886       TC CLOUD CLIENT 1002-4G        < 2.07.2
2702888       TC CLOUD CLIENT 1002-4G ATT    < 2.07.2
2702887       TC CLOUD CLIENT 1002-4G VZW    < 2.07.2
2702528       TC ROUTER 3002T-4G             < 2.07.2
2702533       TC ROUTER 3002T-4G ATT         < 2.07.2
2702532       TC ROUTER 3002T-4G VZW         < 2.07.2

Vulnerabilities

Last Update
Aug. 8, 2023, 8:43 a.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary

In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflected XSS within the license viewer page of the devices in order to execute script in the context of the user's browser. Because the XSS is reflected, the attacker must get a user to open a crafted link to the device's web interface; no credentials are needed to trigger it.
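The following is an added illustration of the CWE-79 pattern the summary describes and of the output-encoding fix for it. It is not code from the affected firmware or from Phoenix Contact; the parameter name "file", the page template and the query strings are constructed for this example, since the advisory does not disclose the actual parameter of the license viewer page.

```python
import html
from urllib.parse import parse_qs

# Constructed query strings, as an attacker-supplied link and a benign
# request might carry them. The parameter name "file" is an assumption
# made for this example only.
ATTACK_QS = 'file=<script>alert(document.cookie)</script>'
BENIGN_QS = 'file=LICENSE-openssl.txt'

# Minimal stand-in for a "license viewer" page that reflects a request
# parameter into its HTML body.
TEMPLATE = ('<html><body><h1>License viewer</h1>'
            '<p>Showing: {name}</p></body></html>')


def render_vulnerable(query_string: str) -> str:
    """Reflects the parameter into the page without encoding (CWE-79):
    whatever markup the link carries is interpreted by the victim's browser."""
    name = parse_qs(query_string).get('file', [''])[0]
    return TEMPLATE.format(name=name)


def render_hardened(query_string: str) -> str:
    """Same page, but the value is HTML-encoded for the body context before
    it is interpolated: <, >, &, " and ' become character references, so the
    browser renders the text instead of executing it."""
    name = parse_qs(query_string).get('file', [''])[0]
    return TEMPLATE.format(name=html.escape(name, quote=True))


def contains_active_markup(page: str) -> bool:
    """Coarse check used here only to show the difference between the two
    renderings: is a raw script tag or inline event handler still present?"""
    lowered = page.lower()
    return '<script' in lowered or 'onerror=' in lowered


if __name__ == '__main__':
    print(render_vulnerable(ATTACK_QS))
    print(render_hardened(ATTACK_QS))
```

The hardened variant is correct for a value placed in HTML text or inside a quoted attribute. A value interpolated into a JavaScript block, a URL, or CSS needs the encoding rules of that context instead; HTML escaping alone does not make those safe.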

Last Update
Aug. 8, 2023, 8:43 a.m.
Weakness
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776)
Summary

In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an authenticated remote attacker with admin privileges could upload a crafted XML file whose recursive entity definitions cause a denial of service when the device expands them. Exploitation requires an administrator account, so the issue is chiefly an abuse-of-privilege or post-compromise concern.
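As an added example of the CWE-776 mechanism (not code from the affected devices or from Phoenix Contact), the block below parses a small "billion laughs" style document with Python's standard-library expat binding in two ways: once with default settings, where the nested internal entities are expanded, and once with an entity-declaration handler that rejects any DTD entity before expansion can start. The sample XML documents are constructed for this example; the payload is kept to three levels of nesting so it runs quickly, whereas a real attack file nests deeper and is the reason the device stops responding.

```python
import xml.parsers.expat

# Constructed sample: a reduced "billion laughs" payload. Each level
# references the previous one ten times, so &lol3; expands to 1000 copies
# of "lol" (3000 characters) from a file of a few hundred bytes. Deeper
# nesting grows exponentially, which is the denial-of-service lever.
BILLION_LAUGHS = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<config>&lol3;</config>"""

# Constructed benign upload with no DTD at all.
BENIGN = '<?xml version="1.0"?><config><name>router1</name></config>'


class DtdRejected(Exception):
    """Raised when an upload declares entities, which a config file never needs."""


def parse_naive(doc: str) -> int:
    """Parse with default expat settings and return the amount of character
    data produced. Internal entities are expanded, so the attacker controls
    how much memory and CPU this costs."""
    chunks = []
    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append
    parser.Parse(doc, True)
    return len("".join(chunks))


def parse_hardened(doc: str) -> int:
    """Same parse, but any entity declaration aborts parsing immediately.
    Exceptions raised inside an expat callback propagate out of Parse(),
    so the document is rejected before the first reference is expanded."""
    chunks = []
    parser = xml.parsers.expat.ParserCreate()

    def reject_entity(*_args):
        raise DtdRejected("entity declarations are not allowed in uploaded XML")

    parser.EntityDeclHandler = reject_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(doc, True)
    return len("".join(chunks))


def accept_upload(doc: str) -> bool:
    """Policy wrapper an upload handler would call: True if the document
    parses under the hardened rules, False if it was rejected."""
    try:
        parse_hardened(doc)
    except DtdRejected:
        return False
    return True


if __name__ == "__main__":
    print("naive expansion of benign doc:", parse_naive(BENIGN), "chars")
    print("naive expansion of payload:", parse_naive(BILLION_LAUGHS), "chars")
    print("hardened accepts benign:", accept_upload(BENIGN))
    print("hardened accepts payload:", accept_upload(BILLION_LAUGHS))
```

Rejecting entity declarations outright is the simplest rule for an upload format that never legitimately uses a DTD; if the format does need one, the alternative is to cap the expansion ratio, which recent expat releases do by default only above a multi-megabyte output threshold, too late for a small embedded device.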

Impact

Multiple issues have been identified for the affected devices: an unauthenticated reflected cross-site scripting flaw in the license viewer page, and a denial of service through XML entity expansion that requires administrator credentials. Please consult the CVEs for details.

Solution

Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note "Measures to protect network-capable devices with Ethernet connection".

Remediation

Phoenix Contact strongly recommends updating to the latest available firmware version, which fixes these vulnerabilities.

Reported by

These vulnerabilities were discovered by A. Resanovic and S. Stockinger at St. Pölten UAS and coordinated by T. Weber of CyberDanube Security Research.

CERT@VDE coordinated with PHOENIX CONTACT.