
ID

VDE-2023-030

Published

2023-09-19 08:50 (CEST)

Last update

2023-09-19 08:51 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
1153509 E-Mobility Charging Suite <= 1.7.0
1153513 E-Mobility Charging Suite <= 1.7.0
1086929 E-Mobility Charging Suite <= 1.7.0
1153516 E-Mobility Charging Suite <= 1.7.0
1086891 E-Mobility Charging Suite <= 1.7.0
1153508 E-Mobility Charging Suite <= 1.7.0
1153520 E-Mobility Charging Suite <= 1.7.0
1086921 E-Mobility Charging Suite <= 1.7.0
1086889 E-Mobility Charging Suite <= 1.7.0
1086920 E-Mobility Charging Suite <= 1.7.0
2702889 FL Network Manager <= 7.0
1083065 IOL Conf <= 1.7.0
1636198 MTP DESIGNER <= 1.2.0 BETA
1636200 MTP DESIGNER TRIAL <= 1.2.0 BETA
-- PHOENIX CONTACT Activation Wizard <= 1.6
1373907 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373909 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373233 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373910 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373226 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373236 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373231 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373224 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373913 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373912 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373238 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373914 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373915 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373916 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373917 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373918 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1373908 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550573 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550576 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550581 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550587 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550580 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550582 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1532628 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550574 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1550589 PHOENIX CONTACT Activation Wizard in MORYX Software Platform <= 1.6
1046008 PLCnext Engineer <= 2023.6
1165889 PLCnext Engineer EDU LIC <= 2023.6

Summary

Vulnerabilities in WIBU-SYSTEMS CodeMeter Runtime affect multiple Phoenix Contact products.

Phoenix Contact devices using CodeMeter embedded are not affected by these vulnerabilities.

Vulnerabilities
Last Update
Sept. 19, 2023, 8:50 a.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

Last Update
Sept. 19, 2023, 9:01 a.m.
Weakness
Improper Privilege Management (CWE-269)
Summary

An Improper Privilege Management vulnerability caused by incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low-privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system.

Impact

An attacker exploiting the vulnerabilities in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction.

Exploiting the vulnerabilities in WIBU CodeMeter Runtime in non-networked workstation mode could lead to a privilege elevation and full admin access on this workstation.

Solution

Mitigation

1. Use general security best practices to protect systems from local and network attacks, as described in the application note AH EN INDUSTRIAL SECURITY.
2. Run CodeMeter as client only and bind the CodeMeter communication to localhost. With the binding restricted to localhost, an attack over a remote network connection is no longer possible. The network server is disabled by default. If the network server cannot be disabled, a host-based firewall that restricts network access to it is strongly recommended to reduce the risk.
3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.
4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.
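Steps 2 and 3 above amount to two checks an administrator can script before and after applying them: is the installed CodeMeter Runtime older than the fixed release, and are the CodeMeter listeners bound to anything other than loopback? The following is an added example written for this page, not code from Phoenix Contact or WIBU-SYSTEMS. It assumes the CodeMeter network server listens on TCP 22350 and CmWAN on TCP 22351 (the usual default ports), that version strings follow the "7.60b" pattern (major.minor plus an optional patch letter), and that the socket listing is in the format printed by `netstat -ano` on Windows; the sample listing is constructed, not captured from a real host.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added example, not vendor code. Assumed default ports (not stated on the advisory page):
# TCP 22350 = CodeMeter network server, TCP 22351 = CmWAN. Only TCP listeners are inspected;
# the UDP 22350 server-search socket is not covered by this check.
FIXED_VERSION = "7.60c"  # release named in the Remediation section
CODEMETER_PORTS = {22350: "CodeMeter network server", 22351: "CmWAN (assumed default port)"}
LOOPBACK = {"127.0.0.1", "::1"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)([a-z]?)$")


def parse_version(text: str) -> tuple[int, int, str]:
    """'7.60b' -> (7, 60, 'b'); '7.60' -> (7, 60, '') so that 7.60 < 7.60a < 7.60b < 7.60c."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised CodeMeter version: {text!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)


def is_vulnerable_version(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed runtime is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


@dataclass
class Exposure:
    port: int
    service: str
    local_address: str
    pid: str


# Matches a LISTENING TCP line of `netstat -ano`: proto, local endpoint, remote endpoint, state, PID.
_NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def split_endpoint(endpoint: str) -> tuple[str, int]:
    """Split '0.0.0.0:22350' or '[::]:22350' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return host, int(port)


def find_exposed_listeners(netstat_output: str) -> list[Exposure]:
    """Return CodeMeter ports bound to a non-loopback address, i.e. reachable from the network."""
    exposed: list[Exposure] = []
    for line in netstat_output.splitlines():
        m = _NETSTAT_RE.match(line)
        if not m:
            continue
        host, port = split_endpoint(m.group(1))
        if port in CODEMETER_PORTS and host not in LOOPBACK:
            exposed.append(Exposure(port, CODEMETER_PORTS[port], host, m.group(2)))
    return exposed


# Constructed sample (not a real capture): a workstation where the CodeMeter server was
# rebound to localhost, but CmWAN was left enabled and is still listening on all interfaces.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:22350        0.0.0.0:0              LISTENING       4120
  TCP    [::1]:22350            [::]:0                 LISTENING       4120
  TCP    0.0.0.0:22351          0.0.0.0:0              LISTENING       4120
  TCP    [::]:22351             [::]:0                 LISTENING       4120
"""

if __name__ == "__main__":
    for v in ("7.60", "7.60b", "7.60c"):
        print(f"CodeMeter {v}: {'vulnerable' if is_vulnerable_version(v) else 'fixed'}")
    for e in find_exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {e.port} ({e.service}) bound to {e.local_address}, pid {e.pid}")
```

On a live host, feed the real `netstat -ano` output (or the equivalent `ss -ltnp` listing on Linux, after adapting the line pattern) into `find_exposed_listeners`; an empty result is what step 2 and step 3 aim for. A non-empty result on 22351 after step 3 means CmWAN is still enabled, and a non-empty result on 22350 means the network server is still bound to all interfaces and needs the host-based firewall from step 2 until it can be disabled.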

Remediation

PHOENIX CONTACT strongly recommends that affected users upgrade to CodeMeter V7.60c, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since CodeMeter V7.60c has not yet been incorporated into Phoenix Contact products, we strongly recommend downloading and installing the current CodeMeter version directly from the WIBU-SYSTEMS homepage.

Install Phoenix Contact Activation Wizard from version 1.7 when available.
Please check the Phoenix Contact e-Shop for your related Software product regularly.

Reported by

CERT@VDE coordinated with PHOENIX CONTACT.