A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc.. For details refer to CVE(s).
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition of the affected products.
The indicated firmware versions are only used on products of hardware version 01.xx.xx.
ProConOS/ProConOS eCLR insufficiently verifies uploaded data.
The affected devices insufficiently verify uploaded data.
Phoenix Contact Classic Line industrial controllers (ILC1x0 and ILC1x1 product families as well as the AXIOLINE controllers AXC1050 and AXC3050) are developed and designed for the use in closed industrial networks. The communication protocols used for device management and configuration do not feature authentication measures.
Update A, 2022-06-21
This updated version contains additional affected products.
In addition, a new application note for classic line controllers had been published to make it easier for our customers to find out the actions how to disable the unauthorized communication ports instead of checking out each controller’s manual.
Improper buffer restrictions in the webserver used in SIMA² Master Station software versions < V 2.6 may allow an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.