Phoenix Contact, a German electrical engineering and automation company, has disclosed four vulnerabilities in FL SWITCH industrial switches. These devices are used for automation at digital substations and in oil and gas, maritime, and other industries.
The vulnerabilities were discovered by Positive Technologies experts Vyacheslav Moskvin, Semyon Sokolov, Evgeny Druzhinin, Ilya Karpov, and Georgy Zaytsev.
The most hazardous of the vulnerabilities is CVE-2018-10730 (CVSS base score 9.1), which enables an attacker to run arbitrary commands on a switch. For example, these commands could include disconnecting all devices from the industrial network, which would compromise site operations.
Also dangerous is CVE-2018-10731 (score 9.0). A buffer overflow could be used to obtain unauthorized access to OS files on the switch and run arbitrary code. Buffer overflows are also involved in vulnerability CVE-2018-10728 (score 8.1), which an attacker could exploit to perform denial of service, run arbitrary code, or disable Web and Telnet services.
In the fourth vulnerability, CVE-2018-10729 (score 5.3), an unauthenticated attacker could read the contents of the switch configuration file.
The vulnerabilities affect FL SWITCH models 3xxx, 4xxx, and 48xxx running firmware versions 1.0–1.33. To stay safe, the vendor strongly recommends updating to firmware version 1.34.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, commented: “Last year’s trend is still going strong: we’re seeing an increasing number ofadvisories regarding new vulnerabilities in industrial network equipment. By informing the public of vulnerabilities and providing patches, vendors of network equipment—such as switches and interface convertors—are stepping up to the plate and setting a great example.”
She continued: “However, these patches don’t always reach installed equipment already in the field. Clients often rely on airgapping even though 82 percent of tested industrial network segments are insufficiently segmented off from corporate IT systems. In these cases, attackers can use ordinary hacking methods, including phishing, to attack the corporate network and then sidestep their way onto mission-critical industrial segments. At that point, they can exploit vulnerabilities in all sorts of industrial equipment, such as unpatched Phoenix Contact switches.”
This is not the first time that Positive Technologies has found vulnerabilities in Phoenix Contact switches. Earlier this year, security flaws that could enable full control of FL SWITCH devices were reported.
For detecting ICS/SCADA cyberincidents and vulnerabilities, Positive Technologies offers PT ISIM and MaxPatrol 8 to address the unique needs of industrial protocols and networks.