Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you about how Phoenix Contact fixes the vulnerabilities in TC Router and TC Cloud Client devices. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

Phoenix Contact, Germany, is a manufacturer in the field of electrical connection and electronic interface and industrial automation, the main products include HMI and industrial computer, industrial communication technology, PLC and Ihand O systems, industrial cloud computing, protective equipment, controller system wiring, electronic switching devices and motor controllers, etc. Our business covers many fields such as power, electronics, communications, machinery, petroleum, chemical industry, industrial automation and so on. The company operates seven production bases outside Germany, nearly 50 sales branches and more than 30 local institutions.

Phoenix Contact recently issued a security bulletin alerting users to vulnerabilities in the company's TC Router and TC Cloud Client devices.

According to the official website, Phoenix Contact TC Router is an industrial 4G LTE mobile router that connects Ethernet devices such as PLC, HMI and surveillance cameras to SCADA servers through cellular networks. It is commonly used in power, oil and gas, water and wastewater treatment, agriculture and other industries.

TC Cloud Client devices are industrial VPN gateways for cellular networks that connect computers and remote devices through the cloud and are commonly used in the machine manufacturing industry.

The Phoenix Contact TC Router and TC Cloud Client firmware are affected by three vulnerabilities, including one ultra-critical vulnerability and two high-risk vulnerabilities.

The super-critical vulnerability number is CVE-2020-9435 and the CVSS score is 9.1. The flaw stems from the fact that the device contains a hard-coded certificate that can be used to run the web service. Phoenix Contact said in the announcement that impersonation attacks, man-in-the-middle attacks or passive decryption attacks may occur if the general certificate is not replaced with a device-specific certificate during installation. An attacker can use this vulnerability to gain access to sensitive information, such as administrator credentials, configuration parameters, or status information, through the aforementioned attack, and exploit this information in further attacks.

Phoenix Contact said that to mitigate the impact of the vulnerability, users should replace the pre-installed generic X.509 certificate with a separate certificate during the initial installation; Phoenix Contact also said that in order to avoid manually generating certificates, future devices will be equipped with separate certificates.

In addition, Phoenix Contact TC Router and TC Cloud Client firmware are affected by two high-risk vulnerabilities, CVE-2017-16544 and CVE-2020-9436.

CVE-2017-16544 is a high-risk vulnerability discovered in 2017 that affects BusyBox1.27.2 and previous versions. BusyBox is a set of applications that contain multiple Linux commands and tools. Phoenix Contact TC Router and TC Cloud Client are affected by this vulnerability because in versions of BusyBox 1.27.2 and earlier, the shell's tab auto-populating feature (which is used to obtain a list of file names in a directory) fails to filter file names, causing arbitrary escape sequences to be executed at the terminal. An attacker can exploit this vulnerability to execute code, write to arbitrary files, or launch other attacks. However, because administrator privileges are required to access shell, the impact of this vulnerability on the device is limited.

CVE-2020-9436 is a command injection vulnerability that can be triggered by an attacker sending a POST request to a CGI program on the web interface to inject system commands and invade the device's operating system.

Several Phoenix Contact TC Router and TC Cloud Client are affected by the vulnerability, as shown in the table below.

Phoenix Contact has fixed the vulnerability in the latest version of the firmware and it is recommended that users update the affected devices to the latest version as soon as possible.

This is how Phoenix Contact fixes vulnerabilities in TC Router and TC Cloud Client devices shared by Xiaobian. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.