Your one-stop web resource providing safety and security information to manufacturers

Phoenix Contact has a series of recommendations to handle an improper access control vulnerability in its FL NAT SMx, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability could allow unauthorized users full access to the device configuration. CERT@VDE, working with Maxim Rupp and Phoenix Contact, discovered this vulnerability.

Phoenix Contact Fixes PLCNext Holes
Rapid7 Clears Insight Vulnerability
B&R Automation Fixes Vulnerabilities
Hole Fixed in AVEVA Vijeo Citect, CitectSCADA

Phoenix Contact reports the vulnerability affects the following FL NAT SMx industrial Ethernet switches:
• FL NAT SMN 8TX-M (2702443)
• FL NAT SMN 8TX-M-DMG (2989352)
• FL NAT SMN 8TX (2989365)
• FL NAT SMCS 8TX (2989378)

In the vulnerability, an unauthorized user can access the web interface using an authorized IP address, which may allow full access to the device configuration. This attack is only possible if an authorized session is still active on the system.

Schneider Bold

CVE-2019-9744 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

The product sees use mainly in the communications, critical manufacturing, and information technology sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the issue.

Phoenix Contact recommends affected users operate the devices in closed networks or protected with a suitable firewall.

Phoenix Contact recommends users consider the following steps to protect the device from an attacker who has gained access to the closed network, or if there is a possibility that multiple users might share a VPN connection with a single endpoint IP:
• Log off from the WEB-UI immediately after administration
• Disable the WEB-UI and use configuration access via SNMP instead
• Ensure the system password is strong as this is also the SNMP write community

Click here for additional recommendations.

Click here to see the VDE-2019-006 advisory.

Pin It on Pinterest

Share This