Cryptographic issues in PLCNext AXC F 2152

#VU18692 Cryptographic issues in PLCNext AXC F 2152

Published: 2019-06-06

Vulnerability identifier: #VU18692

Vulnerability risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7559

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PLCNext AXC F 2152
Server applications / SCADA systems

Vendor: Phoenix Contact GmbH

Description

The vulnerability allows a remote attacker to decrypt passwords.

The vulnerability exists due to an error in OPC UA Server that allows an attacker to determine a Server's private key. A remote attacker can send especially constructed UserIdentityTokens, encrypted with the Basic128Rsa15 security policy as part of an oracle attack, and decrypt passwords even if they were encrypted with another security policy such as Basic256Sha256.

Vulnerability affects following PLCNext AXC F 2152 products:

AXC F 2152: article number 2404267
AXC F 2152: article number 1046568 (Starterkit)

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PLCNext AXC F 2152: 1.0.0 - 1.20

External links
http://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45
http://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150
http://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Cryptographic issues in PLCNext AXC F 2152