There is an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications, according to a report on ICS-CERT. KW-Software originally wrote these applications without authentication intentionally.
This vulnerability, discovered by Reid Wightman of Digital Bond, is remotely exploitable.
The following applications suffer from the issue: ProConOs all versions, and MultiProg all versions.
An exploitation of this vulnerability could allow any network user to interact with the process control and change the ladder logic.
Phoenix Contact Software is a German-based automation software company. Prior to January 2015, they were KW-Software GmbH. Phoenix Contact Software provides software solutions to vendor companies. These vendor companies offer products integrated with Phoenix Contact Software worldwide.
These applications allow users to run process control and manage IEC 61131 logic.
What is at issue is the protocol behind the application software does not have an authentication mechanism. This allows anyone with network access to inject commands to the protocol.
CVE-2014-9195 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.
No known public exploits specifically target this vulnerability, however, an attacker with a low skill would be able to exploit this vulnerability.
Phoenix Contact Software designed the applications and protocols without authentication mechanisms. Phoenix Contact Software felt vendors using the application software and its protocol would incorporate its own authentication mechanism in its final product. Phoenix Contact Software is considering adding authentication software into future versions of its application software and its protocol.