Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Flaws Expose Phoenix Contact Industrial Switches to Attacks

The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks.

The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks.

Phoenix Contact is a Germany-based provider of industrial automation, connectivity and interface solutions. Its FL switches are used worldwide in sectors such as critical manufacturing, IT, and communications.

Researchers from Positive Technologies discovered that 3xxx, 4xxx and 48xx series switches running a version of the firmware prior to 1.35 are vulnerable to attacks.

Phoenix Contact industrial switch vulnerabilitiesBased on their CVSS score, four of the flaws have been assigned a severity rating of “high.” One of them is a cross-site request forgery (CSRF) issue that allows an attacker to conduct unauthorized activities on the device by getting a legitimate user to click on a malicious link.

Another serious vulnerability is related to the lack of a mechanism for preventing automated and repeated attempts to access the user interface. This allows a malicious actor to obtain the username and password for a device’s interface using a brute force attack.

The researchers also noticed that the web interface is accessed by default over HTTP, which allows an MitM attacker to intercept credentials as they travel from the user’s browser to the switch.

An attacker can prevent others from accessing the web interface by initiating over 120 connections, which causes a DoS condition. This prevents not only new connections, but also disrupts existing ones.

The remaining flaws, with a severity rating of “medium,” allow attackers to obtain the device’s default private keys from the firmware and use them for MitM attacks, and cause certificates to be displayed incorrectly by exploiting a weakness in the switch’s security library.

Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

The vendor has released firmware updates for each of the impacted products. ICS-CERT and its German counterpart [email protected] have released advisories describing the vulnerabilities.

It’s worth mentioning that versions 1.33 and 1.34 of the firmware for Phoenix Contact FL switches also address vulnerabilities discovered by Positive Technologies. Those flaws were disclosed last year in January and May.

Related: Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws

Related: Cisco IOS Flaws Expose Rockwell Industrial Switches to Remote Attacks

Related: Serious Flaw Exposes Siemens Industrial Switches to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.