Phoenix Contact Command Injection Hole

Tuesday, March 26, 2019 @ 03:03 PM gHale

Phoenix Contact has a series of recommendations to handle a command injection vulnerability in its RAD-80211-XD, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability could allow an attacker to execute system level commands with administrative privileges.

RELATED STORIES
ENTTEC has Fix for Lighting Controllers
Schneider Working on Fix Triconex Emulator
Controls Added for Medtronic RF Issues
Weather System Clears Holes

Maxim Rupp (RuppIT) working with Phoenix Contact and CERT@VDE discovered the vulnerability.

Phoenix Contact said the following products suffer from the issue:
• RAD-80211-XD (2885728)
• RAD-80211-XD/HP-BUS (2900047)

In the vulnerability, a WebHMI utility may be exploited by any logged-in user, allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.

CVE-2019-9743 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.9.

The product sees use mainly in the communications, critical manufacturing, and information technology sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Phoenix Contact recommends the following:
• Users using Phoenix Contact 80211-XD radio modules are recommended to operate the devices in closed networks or protected with a suitable firewall.
• The affected products have been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned users upgrade to the active FL WLAN product line.

For detailed information on recommendations for measures to protect network-capable devices, click on the application note.

For more information, click on VDE-2019-007 for more details.



Leave a Reply

You must be logged in to post a comment.