Positive Technologies researchers discover vulnerabilities in Phoenix Contact switches used in multiple sectors

Attackers can gain full control over devices in the FL SWITCH series to disrupt technological processes

Positive Technologies researchers Ilya Karpov and Evgeny Druzhinin have discovered critical vulnerabilities in Phoenix Contact industrial switches. These devices are used to build networks in the oil, gas, maritime, and energy sectors, as well as other infrastructure and manufacturing industries. Exploitation of these deficiencies does not require advanced qualifications and can be performed remotely.

Vulnerability CVE-2017-16743, with a score of 9.8 on the CVSSv3 scale, allows an attacker to bypass authentication on the device's web service via special HTTP requests and gain administrator access to the switch. The second vulnerability, CVE-2017-16741, with a score of 5.3, allows a remote unauthenticated attacker to read redundant and diagnostic data using the device's monitoring mode.

The products affected by these vulnerabilities are FL SWITCH 3xxx, 4xxx, and 48xxx with the software versions 1.0–1.32. To patch the deficiencies, the manufacturer recommends installing the firmware version 1.33.

"If attackers gain control over vulnerable devices, it can lead to various incidents and even disrupt manufacturing processes. To minimize the risks, it is necessary to install updated software on affected switches and follow ICS-CERT recommendations," says Ilya Karpov, Head of ICS Research and Audit at Positive Technologies.

Last year saw a significant increase in the number of vulnerabilities discovered in industrial network equipment—switches, interface converters, gateways—which was pointed out by Positive Technologies researchers in "ICS Security: 2017 in Review." More IP addresses of industrial network equipment components could also be found on publicly available search engines and were accessible via the Internet.

To detect cyber incidents and vulnerabilities in SCADA systems, Positive Technologies offers PT ISIM and MaxPatrol 8 which take into account peculiarities of industrial protocols.