PhoenixContact Industrial Switches Could Lead to DoS, Data Leaks

PhoenixContact Industrial Switches Could Lead to DoS, Data Leaks

 

German electrical engineering and automation company Phoenix Contact disclosed four vulnerabilities in their FL SWITCH industrial line. The affected switches have various applications in the industrial sector and are commonly used for automation of processes. Researchers discovered the vulnerabilities, which include two critical flaws that could allow attackers to gain Remote Access, Run Arbitrary Code, and Steal Sensitive Information, as well as lead to Denial Of Service (DoS) attacks.

The flaws affect model series 3xxx, 4xxx, and 48xxx with firmware versions 1.0 to 1.33. CVE-2018-10730 has a CVSS score of 9.1 and, when exploited, allows an attacker to execute an arbitrary code, such as disengaging all connected devices from the network and compromising operations. CVE-2018-10731, with a score of 9.0, is a stack buffer overflow allowing threat actors to gain unauthorized access to the OS files and inject commands into the system. CVE-2018-10728 is also a stack Buffer Overflow that can be used for DoS attacks and arbitrary code execution, as well as for disabling internet and Telnet services. CVE-2018-10729 allows unauthorized actors to read the compromised device’s configurations. Phoenix states that there’s a patch available in firmware version 1.34.

Phoenix Contact has disclosed four vulnerabilities in switches in the FL SWITCH industrial line. The affected devices are typically used in automated processes at digital Substations, Oil and Gas, Maritime, and other industrial applications.

The vulnerabilities were discovered by Positive Technologies researchers Vyacheslav Moskvin, Semyon Sokolov, Evgeny Druzhinin, Ilya Karpov, and Georgy Zaytsev.

Impact

If the vulnerability is exploited, the attacker may create their own executable files that could further exploit the integrity of the managed FL SWITCH. For example, the attacker may deny switch network access.

CVSS v2.0 Severity and Metrics:

Base Score: 9.0 HIGH
Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C) (V2 legend)
Impact Subscore: 10.0
Exploitability Subscore: 8.0

Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

CVSS v3.0 Severity and Metrics:

Base Score: 9.1 CRITICAL
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (V3 legend)
Impact Score: 6.0
Exploitability Score: 2.3

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Vulnerable software and versions Switch to CPE 2.2

  • Configuration 1 cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware
  • Configuration 2 cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware
  • Configuration 3 cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware
  • Configuration 4 cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware

These are some example of the vulnerable software and version of switches with the model they are around 20 affected models of the switches so if you are using any of the Phoenix contact switches kindly get it configured or get your organization a security audited.

Solution

Temporary Fix / Mitigation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.

Remediation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.

Want to secure your Valuable Customer data/Information contact us.

 

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *