Critical Flaws Found in Phoenix Contact Industrial Switches Could Lead to DoS, Data Leaks

German electrical engineering and automation company Phoenix Contact disclosed four vulnerabilities in its FL SWITCH industrial line. The affected switches have various applications in the industrial sector and are commonly used for process automation. Researchers discovered the vulnerabilities, which include two critical flaws that could allow attackers to gain remote access, run arbitrary code, and steal sensitive information, and that could also lead to denial of service (DoS) attacks. Phoenix, ICS-CERT, and VDE-CERT strongly advise companies that use the switches, in sectors ranging from maritime, utilities, and oil and gas to digital substations, to apply the released updates immediately.


The flaws affect model series 3xxx, 4xxx, and 48xxx with firmware versions 1.0 to 1.33. CVE-2018-10730 has a CVSS score of 9.1 and, when exploited, allows an attacker to execute arbitrary code, with effects such as disconnecting all connected devices from the network and compromising operations. CVE-2018-10731, with a score of 9.0, is a stack buffer overflow that allows threat actors to gain unauthorized access to the OS files and inject commands into the system. CVE-2018-10728 is also a stack buffer overflow; it can be used for DoS attacks and arbitrary code execution, as well as for disabling internet and Telnet services. CVE-2018-10729 allows unauthorized actors to read the compromised device's configurations. Phoenix states that a patch is available in firmware version 1.34.
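As an added example (not from Phoenix Contact or the advisories), the script below triages an asset inventory against the affected range given above. The CSV layout, hostnames and sample rows are constructed, and two assumptions are made: firmware versions are written as `major.minor` integers, and series membership is decided by the leading digit of the model number after "FL SWITCH".

```python
import csv
import io
import re

# Affected firmware range as stated in the article (fixed in 1.34).
AFFECTED_MIN = (1, 0)
AFFECTED_MAX = (1, 33)

# Assumption: 3xxx, 4xxx and 48xxx all reduce to "model number starts
# with 3 or 4"; this errs on the side of flagging too many devices.
MODEL_RE = re.compile(r"^FL\s+SWITCH\s+([34]\w*)", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor), or None if the string is not 'N.N'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(model, firmware):
    """Classify a device as 'affected', 'ok', 'not-in-scope' or 'verify'."""
    if not MODEL_RE.match(model.strip()):
        return "not-in-scope"
    version = parse_version(firmware)
    if version is None:
        return "verify"  # unreadable version: check the device by hand
    # Tuple comparison, so 1.4 sorts below 1.33 (a float compare would not).
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "ok"


# Constructed sample inventory (all values are made up for illustration).
SAMPLE_INVENTORY = """hostname,model,firmware
sw-pump-01,FL SWITCH 3016,1.33
sw-pump-02,FL SWITCH 4824E,1.34
sw-line-07,FL SWITCH 3005,1.4
sw-line-08,FL SWITCH 4008,unknown
sw-office-1,FL SWITCH 2208,1.20
"""


def scan(inventory_csv):
    """Return {hostname: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: triage(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in scan(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `verify` have a firmware string the parser could not read and should be checked on the device itself before being treated as patched.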


Industrial distribution enterprises provide automation devices and machines for the continued delivery of basic consumer services, and threat actors will be looking into the different ways to disrupt critical infrastructure for criminal purposes. Here are some things enterprises can do to protect their systems:

  • Install manufacturer-released downloads and updates regularly to secure assets.
  • Practice network segmentation to separate the network into specific security zones. This isolates systems and provides additional layers of protection.
  • Employ a multilayered security approach to defend the network, from the gateway to the endpoints, for intrusion detection and prevention and removal of threats.
  • Establish and update policies relating to incident planning and response with employees, and create comprehensive proactive and reactive plans to prevent incidents from escalating.


