"High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products"
The Germany-based industrial solutions provider Phoenix Contact recently informed customers about ten vulnerabilities that have been identified across many of its products. Advisories published by Phoenix Contact and Germany's CERT VDE say the vulnerabilities were reported by various researchers and companies. Firmware updates were released to address many of the flaws; for some of the flaws, the vendor provided only recommendations for preventing attacks. Two of the vulnerabilities are described as a high-severity security bypass issue and a medium-severity Denial-of-Service (DoS) flaw. These vulnerabilities impact Phoenix Contact's TC router, FL MGUARD modules, ILC 2050 BI building controllers, and PLCnext products. Another high-severity flaw, which could allow the installation of malicious firmware on a device, affects SMARTRTU AXC remote terminal and automation systems, EEM-SB37x energy meters, CHARX control modular AC charging controllers, and PLCnext products. Three of the vulnerabilities, which can be exploited for DoS attacks and Cross-Site Scripting (XSS) attacks, impact FL SWITCH SMCS series switches. Exploitation of the XSS bug can allow an attacker to inject malicious code into a device's web-based management interface. This article continues to discuss the potential exploitation and impact of the security vulnerabilities discovered in different Phoenix Contact industrial products.