According to BSI: The well-known PLC manufacturer Phoenix Contact has to report a whole series of critical and highly dangerous vulnerabilities in its industrial products: TC ROUTER and TC CLOUD CLIENT, WP 6xxx web panels and in PLCnext control modules.
The BSI - Federal Office for Information Security warns of critical and highly dangerous security gaps in the industrial routers TC ROUTER and TC CLOUD CLIENT from the manufacturer Phoenix Contact and calls for immediate action. The manufacturer itself also reports other critical gaps in its WP 6xxx web panels and also in PLCnext control modules.
Vulnerable industrial control systems
TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
The reported vulnerabilities for TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT Device are two vulnerabilities, but only one of them is critical with a CVSS score of 9.6 out of 10. The second has a score of 4.9. The Attack: A remote, anonymous attacker could exploit the vulnerabilities to perform a cross-site scripting attack and create a denial of service state.
WP 6xxx web panels
The WP 6xxx web panels are also vulnerable to a total of 14 vulnerabilities. 4 of them are critical with a CVSS value of 9.9, 6 other vulnerabilities have a CVSS value of 7.2 to 8.8 and are therefore considered highly dangerous. All other gaps are in terms of CVSS at 3.8 to 4.3. These vulnerabilities allow an attacker to compromise the confidentiality, integrity, and availability of the device. An authenticated attacker can obtain a management shell, run any operating system command with administrator privileges, read all files accessible to the "browser" user, create valid session cookies, decrypt the web service password, retrieve SNMP communities or a malicious firmware update package create .
PLCnext Engineer vulnerabilities
Furthermore, Phoenix Contact reports 11 Engineer vulnerabilities in PLCnext. The libraries LibGit2Sharp/LibGit2 are affected. One vulnerability is critical with a CVSS value of 9.8, 9 other vulnerabilities have a CVSS value of 7.5 to 8.8 and are therefore highly dangerous.
Several vulnerabilities have been discovered in LibGit2Sharp or the underlying LibGit2 library. This open source component is used in many products worldwide. The product is vulnerable to remote code execution, privilege escalation, and tampering. PLCnext Engineer uses the LibGit2Sharp library to provide version control capabilities.
Firmware updates are available
The provider Phoenix Contact provides suitable firmware updates and patches for all vulnerabilities. Companies should use these immediately, since attackers can cause great damage, especially in the case of critical vulnerabilities. A list of the vulnerabilities and further descriptions can be found on the website of VDE Cert – VDE Association for Electrical, Electronic & Information Technologies
More at VDE.com