Phoenix Contact has issued a series of recommendations to mitigate an improper access control vulnerability in its FL NAT SMx switches, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability could allow unauthorized users full access to the device configuration. CERT@VDE, working with Maxim Rupp and Phoenix Contact, discovered this vulnerability.
Phoenix Contact reports the vulnerability affects the following FL NAT SMx industrial Ethernet switches:
• FL NAT SMN 8TX-M (2702443)
• FL NAT SMN 8TX-M-DMG (2989352)
• FL NAT SMN 8TX (2989365)
• FL NAT SMCS 8TX (2989378)
The vulnerability allows an unauthorized user to access the web interface using an authorized IP address, which may give that user full access to the device configuration. The attack is only possible while an authorized session is still active on the system.
CVE-2019-9744 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 8.8.
The product is used mainly in the communications, critical manufacturing, and information technology sectors, and is deployed worldwide.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit the issue.
Phoenix Contact recommends affected users operate the devices in closed networks or protect them with a suitable firewall.
Phoenix Contact recommends users consider the following steps to protect the device from an attacker who has gained access to the closed network, or if there is a possibility that multiple users might share a VPN connection with a single endpoint IP:
• Log off from the WEB-UI immediately after administration
• Disable the WEB-UI and use configuration access via SNMP instead
• Ensure the system password is strong, as it is also the SNMP write community
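The advisory's description (access from an authorized IP address while an authorized session is active) and the shared-endpoint scenario above can be illustrated with a simplified model. This is an added example, not Phoenix Contact's firmware or code from the advisory, and the page does not describe how the device tracks sessions internally; the class names, `SESSION_TTL` and the address are hypothetical and constructed.

```python
import secrets

SESSION_TTL = 300  # seconds; constructed value for this model


class IpKeyedSessions:
    """Weak pattern: a logged-in session is remembered by source IP only."""

    def __init__(self):
        self._active = {}  # source IP -> expiry time

    def login(self, src_ip, now):
        self._active[src_ip] = now + SESSION_TTL
        return src_ip  # the only "handle" for this session is the address

    def logout(self, handle):
        self._active.pop(handle, None)

    def is_authorized(self, src_ip, now, token=None):
        return self._active.get(src_ip, 0) > now


class TokenBoundSessions:
    """Hardened pattern: every request must carry the secret issued at login."""

    def __init__(self):
        self._active = {}  # token -> (source IP, expiry time)

    def login(self, src_ip, now):
        token = secrets.token_urlsafe(32)
        self._active[token] = (src_ip, now + SESSION_TTL)
        return token

    def logout(self, handle):
        self._active.pop(handle, None)

    def is_authorized(self, src_ip, now, token=None):
        entry = self._active.get(token)
        return entry is not None and entry[0] == src_ip and entry[1] > now


def second_user_gets_in(store, logged_off=False):
    """An admin and a second user share one endpoint IP (NAT or shared VPN)."""
    shared_ip = "192.0.2.10"  # constructed documentation address
    now = 1000.0
    handle = store.login(shared_ip, now)  # the admin logs in
    if logged_off:
        store.logout(handle)  # the "log off immediately" recommendation
    # The second user sends a request from the same IP with no credential.
    return store.is_authorized(shared_ip, now + 60)
```

In this model the IP-keyed store admits the second user until the administrator logs off, which is why immediate logout closes the window when several users share one endpoint address.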
The vulnerability is also covered in the VDE-2019-006 advisory.