VDE-2018-015
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2018-09-21 07:03 - Updated: 2018-09-21 07:03Summary
Phoenix Contact: AXL F BK PN Denial of Service Vulnerability
Notes
Summary: Incorrect handling request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
Impact: The device stops responding to any network or local port, consequently shutting down this part of the automation system. The bus coupler needs to be restarted by disconnecting the power supply.
Mitigation: Customers using affected Phoenix Contact AXL F BK are recommended to operate the devices in closed networks or protected with a suitable firewall.
For detailed information on our recommendations for measures to protect network-cabable devices, please refer to our application note:
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_%20industrial_security_107913_en_01.pdf
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
7.5 (High)
Mitigation
Customers using affected Phoenix Contact AXL F BK are recommended to operate the devices in closed networks or protected with a suitable firewall.For detailed information on our recommendations for measures to protect network-cabable devices, please refer to our application note:
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf
References
Acknowledgments
CERT@VDE
certvde.com
Fraunhofer IOSB
Christian Haas
David Meier
Steffen Pfrang
Anne Borcherding
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Christian Haas",
"David Meier",
"Steffen Pfrang",
"Anne Borcherding"
],
"organization": "Fraunhofer IOSB",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Incorrect handling request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.",
"title": "Summary"
},
{
"category": "description",
"text": "The device stops responding to any network or local port, consequently shutting down this part of the automation system. The bus coupler needs to be restarted by disconnecting the power supply.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using affected Phoenix Contact AXL F BK are recommended to operate the devices in closed networks or protected with a suitable firewall.\nFor detailed information on our recommendations for measures to protect network-cabable devices, please refer to our application note:\nhttps://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_%20industrial_security_107913_en_01.pdf",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2018-015: Phoenix Contact: AXL F BK PN Denial of Service Vulnerability - HTML",
"url": "https://certvde.com/en/advisories/VDE-2018-015/"
},
{
"category": "self",
"summary": "VDE-2018-015: Phoenix Contact: AXL F BK PN Denial of Service Vulnerability - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2018/vde-2018-015.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
}
],
"title": "Phoenix Contact: AXL F BK PN Denial of Service Vulnerability",
"tracking": {
"aliases": [
"VDE-2018-015"
],
"current_release_date": "2018-09-21T07:03:00.000Z",
"generator": {
"date": "2025-04-22T09:24:54.604Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.18"
}
},
"id": "VDE-2018-015",
"initial_release_date": "2018-09-21T07:03:00.000Z",
"revision_history": [
{
"date": "2018-09-21T07:03:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXL F BK ETH",
"product": {
"name": "AXL F BK ETH",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2688459"
]
}
}
},
{
"category": "product_name",
"name": "AXL F BK ETH XC",
"product": {
"name": "AXL F BK ETH XC",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2701949"
]
}
}
},
{
"category": "product_name",
"name": "AXL F BK PN",
"product": {
"name": "AXL F BK PN",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2701815"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.12",
"product": {
"name": "Firmware \u003c=1.12",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.11",
"product": {
"name": "Firmware \u003c=1.11",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.0.4",
"product": {
"name": "Firmware \u003c=1.0.4",
"product_id": "CSAFPID-21003"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.12 installed on AXL F BK ETH",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.11 installed on AXL F BK ETH XC",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.0.4 installed on AXL F BK PN",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16994",
"notes": [
{
"category": "description",
"text": "An issue was discovered on PHOENIX CONTACT AXL F BK PN \u003c=1.0.4, AXL F BK ETH \u003c= 1.12, and AXL F BK ETH XC \u003c= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Customers using affected Phoenix Contact AXL F BK are recommended to operate the devices in closed networks or protected with a suitable firewall.For detailed information on our recommendations for measures to protect network-cabable devices, please refer to our application note:\nhttps://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_ industrial_security_107913_en_01.pdf",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2018-16994"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…