German electrical engineering and automation company Phoenix Contact disclosed four vulnerabilities in its FL SWITCH industrial line. The affected switches have various applications in the industrial sector and are commonly used for process automation. Researchers discovered the vulnerabilities, which include two critical flaws that could allow attackers to gain remote access, run arbitrary code, and steal sensitive information, and that could also lead to denial-of-service (DoS) attacks. Phoenix, ICS-CERT, and VDE-CERT strongly advise that companies using the switches, in sectors such as maritime, utilities, oil and gas, and digital substations, apply the released updates immediately.
The flaws affect model series 3xxx, 4xxx, and 48xxx with firmware versions 1.0 to 1.33. CVE-2018-10730 has a CVSS score of 9.1 and, when exploited, allows an attacker to execute arbitrary code, for example to disconnect all connected devices from the network and compromise operations. CVE-2018-10731, with a score of 9.0, is a stack buffer overflow that allows threat actors to gain unauthorized access to the OS files and inject commands into the system. CVE-2018-10728 is also a stack buffer overflow; it can be used for DoS attacks and arbitrary code execution, as well as for disabling internet and Telnet services. CVE-2018-10729 allows unauthorized actors to read the compromised device’s configurations. Phoenix states that a patch is available in firmware version 1.34.
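To find out which devices in a plant still need the update, the affected range above can be checked against an asset inventory. The following is an added example, not code from Phoenix Contact or the advisory; the CSV layout, host names, model strings and the model-matching pattern are constructed assumptions.

```python
import csv
import io
import re

# Version boundaries taken from the advisory text: 1.0 to 1.33 affected, 1.34 fixed.
FIRST_AFFECTED, LAST_AFFECTED, FIXED_IN = (1, 0), (1, 33), (1, 34)

# Assumption: inventory model strings look like "FL SWITCH 3005", and the series
# (3xxx, 4xxx, 48xxx) is identified by the leading digits of the model number.
SERIES_RE = re.compile(r"FL\s*SWITCH\s+(3\d{3}|4\d{3}|48\d{3})(?!\d)", re.I)

def parse_version(text):
    """Return (major, minor) or None. Tuples compare numerically, so 1.4 < 1.33."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(model, firmware):
    """Classify one inventory row against the advisory's affected range."""
    if not SERIES_RE.search(model or ""):
        return "not-in-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"      # needs a manual check; never assume patched
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    if version >= FIXED_IN:
        return "patched"
    return "unknown-version"          # below 1.0: outside the range the advisory covers

def triage(csv_text):
    """Return [(host, status), ...] for a CSV with host, model, firmware columns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], classify(r["model"], r["firmware"])) for r in rows]

# Constructed sample inventory (hosts, models and versions are illustrative).
SAMPLE_INVENTORY = """host,model,firmware
sw-line1,FL SWITCH 3005,1.33
sw-line2,FL SWITCH 4008T-2SFP,1.34
sw-pump,FL SWITCH 48012,v1.4
sw-office,FL SWITCH 2208,1.20
sw-dock,FL SWITCH 3016,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status}")
```

Rows reported as `unknown-version` should be verified on the device itself rather than treated as patched.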
Industrial distribution enterprises provide automation devices and machines for the continued delivery of basic consumer services, and threat actors will be looking into the different ways to disrupt critical infrastructure for criminal purposes. Here are some things enterprises can do to protect their systems: