Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

critical Tenable OT Security Plugin ID 500754

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Phoenix Contact has provided the following mitigations and workarounds:

- Phoenix Contact classic line industrial controllers are developed and designed for use in closed industrial networks using a defense-in-depth approach focusing on network segmentation and communication robustness. In such an approach, users are protected against attacks (especially from the outside) by a multi-level perimeter, including firewalls as well as dividing the plant into OT zones by using firewalls. This concept is supported by organizational measures in the production plant as part of a security management system. To accomplish security here, measures are required at all levels. Ensure that the logic is always transferred or stored in protected environments. This is valid for data in transmission as well as data at rest.
- Connections between the engineering tools and the controller must always be in a locally protected environment or protected by VPN for remote access.
- Project data should not be sent as a file via email or other transfer mechanisms without additional integrity and authenticity checks.
- Project data should be saved in protected environments only.
- Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended.

Measures to protect devices based on classic control technology

See Also

https://cert.vde.com/en/advisories/VDE-2022-025/

https://www.cisa.gov/news-events/ics-advisories/icsa-22-172-03

Plugin Details

Severity: Critical

ID: 500754

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 1/25/2023

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-31800

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:phoenixcontact:axc_1050_firmware, cpe:/o:phoenixcontact:axc_1050_xc_firmware, cpe:/o:phoenixcontact:axc_3050_firmware, cpe:/o:phoenixcontact:ilc1x0_firmware, cpe:/o:phoenixcontact:ilc1x1_firmware, cpe:/o:phoenixcontact:ilc_1x1_gsm%2fgprs_firmware, cpe:/o:phoenixcontact:ilc_3xx_firmware, cpe:/o:phoenixcontact:rfc_430_eth-ib_firmware, cpe:/o:phoenixcontact:rfc_450_eth-ib_firmware, cpe:/o:phoenixcontact:rfc_460r_pn_3tx-s_firmware, cpe:/o:phoenixcontact:rfc_460r_pn_3tx_firmware, cpe:/o:phoenixcontact:rfc_470_pn_3tx_firmware, cpe:/o:phoenixcontact:rfc_470s_pn_3tx_firmware, cpe:/o:phoenixcontact:rfc_480s_pn_4tx_firmware

Required KB Items: Tenable.ot/PhoenixContact

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/21/2022

Vulnerability Publication Date: 6/21/2022

Reference Information

CVE: CVE-2022-31800

CWE: 345