Detections
Analytics

PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)

medium Tenable OT Security Plugin ID 500728

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:

- Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.
- Follow the advice concerning SD card usage in the manual “Art.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf” that can be found on the product page below:
- https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc- itemdetail:pid=2404267&library=usen&pcck=P-21-14-01&tab=1&selectedCategory=ALL
- Use the notification manager to monitor SD card exchanges by the application program.
- Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.

Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note “Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,” which can be found at the following link:

https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_0 1.pdf

For more information, CERT@VDE has released a security advisory available at the following link:

https://cert.vde.com/en-us/advisories/vde-2019-009

See Also

http://www.nessus.org/u?b8aca257

https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01

Plugin Details

Severity: Medium

ID: 500728

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 1/25/2023

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-10997

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:phoenixcontact:axc_f_2152_firmware, cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware

Required KB Items: Tenable.ot/PhoenixContact

Exploit Ease: No known exploits are available

Patch Publication Date: 6/17/2019

Vulnerability Publication Date: 6/17/2019

Reference Information

CVE: CVE-2019-10997