Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC
Description
An unauthenticated remote attacker can modify applications on Phoenix Contact classic line PLCs due to a missing integrity check during code download.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Phoenix Contact classic line PLCs are affected by a vulnerability that allows the download of code without an integrity check. The advisory does not specify exact firmware versions, but all classic line controllers are potentially impacted. The vulnerability is present in the device's firmware handling of application downloads from engineering tools such as the Automation Worx Software Suite [1].
Exploitation
An unauthenticated attacker with network access to the PLC can exploit this vulnerability by sending modified application code to the device. No authentication is required, and the attacker only needs to be able to communicate with the PLC over the network. The attack does not require any user interaction or prior access [1].
Impact
Successful exploitation allows the attacker to modify some or all applications running on the PLC. This can lead to arbitrary code execution, disruption of industrial processes, and potential safety risks. The attacker gains full control over the modified applications [1].
Mitigation
No firmware patch has been released. Mitigation relies on operational measures: operate the PLCs in closed industrial networks, use firewalls to segment OT zones, protect remote connections with VPN, and disable OT communication protocols if they are not required. Project data should only be transferred in protected environments [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (19)
- Range: all
- PHOENIX CONTACT/AXC 1050 (v5), Range: all
- PHOENIX CONTACT/AXC 1050 XC (v5), Range: all
- PHOENIX CONTACT/AXC 3050 (v5), Range: all
- PHOENIX CONTACT/Config+ (v5), Range: all
- PHOENIX CONTACT/FC 350 PCI ETH (v5), Range: all
- PHOENIX CONTACT/ILC1x0 (v5), Range: all
- PHOENIX CONTACT/ILC1x1 (v5), Range: all
- PHOENIX CONTACT/ILC 3xx (v5), Range: all
- (no CPE), range: all
- (no CPE), range: all
- Range: all
- PHOENIX CONTACT/PC WORX RT BASIC (v5), Range: all
- PHOENIX CONTACT/RFC 430 ETH-IB (v5), Range: all
- PHOENIX CONTACT/RFC 450 ETH-IB (v5), Range: all
- PHOENIX CONTACT/RFC 460R PN 3TX (v5), Range: all
- PHOENIX CONTACT/RFC 470S PN 3TX (v5), Range: all
- PHOENIX CONTACT/RFC 480S PN 4TX (v5), Range: all
Patches (0)
No patches discovered yet.
References (1)