Network kit biz Phoenix takes heat as flaws may leave industrial control system security in ashes

Oil, gas, maritime systems affected by latest bug findings

By Shaun Nichols in San Francisco


Companies running a popular brand of industrial Ethernet switch are being advised to update their firmware ASAP following a series of bug disclosures.

Security house Positive Technologies took credit today for the discovery of six CVE-listed security vulnerabilities in the Phoenix Contact FL Switch 3xxx, 4xxx, and 48xx industrial control switches. The flaws are addressed in firmware versions 1.35 or newer.

Among the now-patched flaws were several Positive described as "critical" security risks that could be exploited to knock vulnerable devices offline or pull off man-in-the-middle attacks.

"Successful exploitation of these weaknesses has the potential to cause disruption, or even total interruption, of ICS operations," Positive Technologies SCADA research analyst Paolo Emiliani said in the company's write-up of the issue.

"An attacker can intercept user credentials and then re-configure a switch to disable its ports, resulting in failure of network communication between ICS components."

These are particularly serious bugs given where many of the vulnerable network switches are used. Positive says the FL Switch line is particularly popular in oil and energy facilities, as well as maritime systems, where a switch failure that cuts communication between controllers would be a major headache.

All of the vulnerabilities were discovered and privately reported by researchers Evgeny Druzhinin, Ilya Karpov, and Georgy Zaytsev.

Two of the more serious flaws were CVE-2018-13993, a cross-site request forgery that would let an attacker use the web interface to control a vulnerable switch and send arbitrary commands, and CVE-2018-13990, a brute-force vulnerability caused by the switch not enforcing a timeout period between failed login attempts.
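To make the brute-force half of that concrete, here is an added example (not Phoenix Contact's firmware or Positive Technologies' code) modelling a management web interface's login handler two ways: one that checks every attempt immediately, and one that applies a per-source exponential lockout after each failure. The credential store, the wordlist, the source address and the FakeClock are all constructed for the demo.

```python
"""Added example, not Phoenix Contact's firmware: a toy model of a management
web interface's login handler, showing why a missing delay or lockout between
failed attempts (the weakness class behind CVE-2018-13990) makes online
brute force cheap, and what a per-source backoff does to the same attack.
All credentials, hosts and the wordlist are constructed."""
import hashlib
import hmac


class FakeClock:
    """Deterministic stand-in for time.monotonic() so the demo runs instantly."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LockedOut(Exception):
    def __init__(self, retry_after):
        super().__init__(f"locked out for {retry_after:.0f}s")
        self.retry_after = retry_after


_SALT = b"constructed-demo-salt"


def _hash(password: str) -> bytes:
    # Salted PBKDF2 so the store holds no plaintext; the low iteration count is for demo speed only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 1000)


# Constructed credential store; "private" is deliberately weak so the wordlist hits it.
USERS = {"admin": _hash("private")}
# Constructed dictionary standing in for an attacker's wordlist.
WORDLIST = ["admin", "password", "12345", "phoenix", "public", "private", "switch"]


def _check(user, password):
    stored = USERS.get(user)
    # compare_digest keeps the comparison constant-time regardless of where the hashes differ.
    return stored is not None and hmac.compare_digest(stored, _hash(password))


class UnthrottledLogin:
    """Weak pattern: every attempt is checked immediately, however many failed before it."""
    def login(self, user, password, src_ip):
        return _check(user, password)


class ThrottledLogin:
    """Hardened pattern: consecutive failures from one source earn exponentially growing lockouts."""
    def __init__(self, clock, base_delay=1.0, max_exponent=5):
        self.clock = clock
        self.base_delay = base_delay
        self.max_exponent = max_exponent   # caps the delay at base_delay * 2**max_exponent
        self.failures = {}                 # src_ip -> (consecutive failures, not-before timestamp)

    def login(self, user, password, src_ip):
        now = self.clock()
        count, not_before = self.failures.get(src_ip, (0, 0.0))
        if now < not_before:
            raise LockedOut(not_before - now)
        ok = _check(user, password)
        if ok:
            self.failures.pop(src_ip, None)
        else:
            count += 1
            delay = self.base_delay * 2 ** min(count, self.max_exponent)
            self.failures[src_ip] = (count, now + delay)
        return ok


def brute_force(endpoint, clock, user="admin", wordlist=WORDLIST, src_ip="203.0.113.7"):
    """Try each candidate in order. Returns (password found or None, attempts checked,
    seconds spent waiting). A locked-out attacker can only wait, modelled by advancing the clock."""
    attempts = 0
    waited = 0.0
    for candidate in wordlist:
        while True:
            try:
                ok = endpoint.login(user, candidate, src_ip)
                break
            except LockedOut as exc:
                waited += exc.retry_after
                clock.advance(exc.retry_after)
        attempts += 1
        if ok:
            return candidate, attempts, waited
    return None, attempts, waited


if __name__ == "__main__":
    clock = FakeClock()
    print("unthrottled:", brute_force(UnthrottledLogin(), clock))    # ('private', 6, 0.0)
    clock = FakeClock()
    print("throttled:  ", brute_force(ThrottledLogin(clock), clock))  # ('private', 6, 62.0)
```

Both handlers accept the same weak password on the sixth guess; the difference is that the throttled one forces 62 seconds of enforced waiting for six guesses, and the cap on the exponent keeps the wait from growing without bound so a legitimate operator is not locked out forever. A per-source counter alone can be sidestepped by spreading guesses across many addresses, so in practice it is paired with a per-account counter and, on equipment like this, with keeping the management interface off any network an attacker can reach.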


CVE-2018-13992 is a possible password theft vulnerability caused by the switch transmitting login information over its web interface as plain text, while CVE-2018-13991 is a man-in-the-middle flaw that could allow an attacker to harvest encryption keys.

Two other bugs, CVE-2018-13994 and CVE-2017-3735, are denial-of-service vulnerabilities: the first is caused by the web interface not properly limiting the number of possible connections, the second by a buffer error.

All of the bugs can be patched by updating the switch's firmware to the latest build (in this case 1.35 or later). Those downloads can be found on the managed switch products page on Phoenix's website. ®
