Security Experts:

Flaws Expose Phoenix Contact Industrial Switches to Attacks

The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks.

Phoenix Contact is a Germany-based provider of industrial automation, connectivity and interface solutions. Its FL switches are used worldwide in sectors such as critical manufacturing, IT, and communications.

Researchers from Positive Technologies discovered that 3xxx, 4xxx and 48xx series switches running a version of the firmware prior to 1.35 are vulnerable to attacks.

Phoenix Contact industrial switch vulnerabilitiesBased on their CVSS score, four of the flaws have been assigned a severity rating of “high.” One of them is a cross-site request forgery (CSRF) issue that allows an attacker to conduct unauthorized activities on the device by getting a legitimate user to click on a malicious link.

Another serious vulnerability is related to the lack of a mechanism for preventing automated and repeated attempts to access the user interface. This allows a malicious actor to obtain the username and password for a device’s interface using a brute force attack.

The researchers also noticed that the web interface is accessed by default over HTTP, which allows an MitM attacker to intercept credentials as they travel from the user’s browser to the switch.

An attacker can prevent others from accessing the web interface by initiating over 120 connections, which causes a DoS condition. This prevents not only new connections, but also disrupts existing ones.

The remaining flaws, with a severity rating of “medium,” allow attackers to obtain the device’s default private keys from the firmware and use them for MitM attacks, and cause certificates to be displayed incorrectly by exploiting a weakness in the switch’s security library.

Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

The vendor has released firmware updates for each of the impacted products. ICS-CERT and its German counterpart [email protected] have released advisories describing the vulnerabilities.

It’s worth mentioning that versions 1.33 and 1.34 of the firmware for Phoenix Contact FL switches also address vulnerabilities discovered by Positive Technologies. Those flaws were disclosed last year in January and May.

Related: Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws

Related: Cisco IOS Flaws Expose Rockwell Industrial Switches to Remote Attacks

Related: Serious Flaw Exposes Siemens Industrial Switches to Attacks

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.