Phoenix Contact has a series of recommendations for mitigating an uncontrolled resource consumption vulnerability in the touch panels of its BTP series, according to a report with CERT@VDE.

The affected products are all versions of the BTP 2043W, BTP 2070W, and BTP 2102W series. The vulnerability, discovered by Richard Thomas and Tom Chothia of the University of Birmingham, has a case number of CVE-2020-12524 and a CVSS v3 base score of 7.5.

An attacker could exploit the vulnerability to cause the HMI to become unresponsive and not accurately update the display content (denial of service).

When the HMI is subjected to, for example, a rapid flood of ICMP ping packets, it stops responding to user input and the running program provides no visual changes. Once the attack stops, the HMI returns to normal functionality.

Phoenix Contact recommends operating network-capable devices in closed networks or protecting them with a suitable firewall. For detailed information on the recommended measures to protect network-capable devices, see the Phoenix Contact application note.
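Because the panel recovers as soon as the flood stops, operators often need to tie an unexplained HMI freeze to a traffic burst after the fact. The following is an added example, not code from Phoenix Contact or CERT@VDE: a sliding-window detector that reports intervals of excessive ICMP echo requests toward a protected HMI. The record format, the addresses (documentation range) and the threshold of 100 requests per second are assumptions.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP type of a ping request

def find_icmp_floods(packets, protected, window_ms=1000, threshold=100):
    """Return (dst, start_ms, end_ms, peak) for each flood against a protected host.

    packets: time-ordered (timestamp_ms, src, dst, icmp_type) tuples.
    threshold is an assumed value; tune it to the site's normal ping rate.
    """
    recent = defaultdict(deque)  # dst -> echo-request timestamps still in the window
    active = {}                  # dst -> [start_ms, end_ms, peak] of an open flood
    floods = []
    for ts, _src, dst, icmp_type in packets:
        if dst not in protected or icmp_type != ECHO_REQUEST:
            continue
        window = recent[dst]
        window.append(ts)
        while ts - window[0] > window_ms:
            window.popleft()
        if len(window) > threshold:
            # start_ms is the oldest packet in the window that crossed the threshold.
            state = active.setdefault(dst, [window[0], ts, 0])
            state[1] = ts
            state[2] = max(state[2], len(window))
        elif dst in active:
            # Rate fell back under the threshold: close the interval.
            floods.append((dst, *active.pop(dst)))
    # Floods still running when the capture ends.
    floods.extend((dst, *state) for dst, state in active.items())
    return floods

def sample_packets():
    """Constructed capture: 1 ping/s polling, a 1 s burst of 500 pings, then polling."""
    hmi, other = "192.0.2.10", "192.0.2.20"  # assumed documentation addresses
    pkts = [(t * 1000, "192.0.2.5", hmi, ECHO_REQUEST) for t in range(5)]
    pkts += [(5000 + 2 * i, "192.0.2.99", hmi, ECHO_REQUEST) for i in range(500)]
    pkts += [(5500, "192.0.2.99", other, ECHO_REQUEST)]  # not a protected host
    pkts += [(8000, "192.0.2.5", hmi, ECHO_REQUEST), (9000, "192.0.2.5", hmi, ECHO_REQUEST)]
    return sorted(pkts)

if __name__ == "__main__":
    for dst, start, end, peak in find_icmp_floods(sample_packets(), {"192.0.2.10"}):
        print(f"{dst}: flood {start}-{end} ms, peak {peak} echo requests per window")
```

The reported intervals can be compared against operator reports of frozen displays, and the same threshold can inform an ICMP rate limit on the firewall in front of the panels.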

ISSSource
