Missing Authentication for Critical Function in Phoenix Contact Classic Line Industrial Controllers



Published: 2022-06-22
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-9201
CWE-ID CWE-306
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		ILC 1x0
Hardware solutions / Routers & switches, VoIP, GSM, etc

AXC 1050
Hardware solutions / Routers & switches, VoIP, GSM, etc

AXC 1050XC
Hardware solutions / Routers & switches, VoIP, GSM, etc

AXC 3050
Hardware solutions / Routers & switches, VoIP, GSM, etc

RFC 480S
Hardware solutions / Routers & switches, VoIP, GSM, etc

RFC 470S
Hardware solutions / Routers & switches, VoIP, GSM, etc

RFC 460R
Hardware solutions / Routers & switches, VoIP, GSM, etc

RFC 430 ETH
Hardware solutions / Routers & switches, VoIP, GSM, etc

RFC 450 ETH
Hardware solutions / Routers & switches, VoIP, GSM, etc

PC WORX RT BASIC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FC 350 PCI ETH
Hardware solutions / Routers & switches, VoIP, GSM, etc

ILC 1x1
Hardware solutions / Routers & switches, VoIP, GSM, etc

ILC 3xx
Hardware solutions / Routers & switches, VoIP, GSM, etc

PC WORX SRT
Hardware solutions / Firmware

Vendor Phoenix Contact GmbH

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Missing Authentication for Critical Function

EUVDB-ID: #VU64578

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9201

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product does not feature a function to authenticate communication protocols. A remote attacker can change or download the configuration, start or stop services, update or modify the firmware or shut down the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ILC 1x0: All versions

AXC 1050: 2700988

AXC 1050XC: 2701295

AXC 3050: 2700989

RFC 480S: 2404577

RFC 470S: 2916794

RFC 460R: 2700784

RFC 430 ETH: 2730190

RFC 450 ETH: 2730200

PC WORX SRT: 2701680

PC WORX RT BASIC: 2700291

FC 350 PCI ETH: 2730844

ILC 1x1: before 4.42

ILC 3xx: before 3.98

External links

http://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561
http://cert.vde.com/en/advisories/VDE-2019-015/
http://www.cisa.gov/uscert/ics/advisories/icsa-22-172-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###