Missing Authentication for Critical Function in Phoenix Contact GmbH Hardware solutions

#VU64578 Missing Authentication for Critical Function in Phoenix Contact GmbH Hardware solutions

Published: 2022-06-22

Vulnerability identifier: #VU64578

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9201

CWE-ID: CWE-306

Exploitation vector: Network

Exploit availability: No

Vendor: Phoenix Contact GmbH

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product does not feature a function to authenticate communication protocols. A remote attacker can change or download the configuration, start or stop services, update or modify the firmware or shut down the device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ILC 1x0: All versions

AXC 1050: 2700988

AXC 1050XC: 2701295

AXC 3050: 2700989

RFC 480S: 2404577

RFC 470S: 2916794

RFC 460R: 2700784

RFC 430 ETH: 2730190

RFC 450 ETH: 2730200

PC WORX SRT: 2701680

PC WORX RT BASIC: 2700291

FC 350 PCI ETH: 2730844

External links
http://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561
http://cert.vde.com/en/advisories/VDE-2019-015/
http://www.cisa.gov/uscert/ics/advisories/icsa-22-172-05

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Missing Authentication for Critical Function in Phoenix Contact Classic Line Industrial Controllers