Security flaws in Phoenix Contact industrial switches expose their networks to attacks

• Industrial switches manufactured by Phoenix Contact were found to have six major security vulnerabilities.
• These components are mainly used in energy, oil & gas, maritime, and other industries.

Phoenix Contact, a popular manufacturer of industrial components is in the spotlight as some of its products were found to have serious security flaws. The German-based manufacturer’s industrial switches had six vulnerabilities which were discovered by researchers Evgeny Druzhinin, Ilya Karpov, and Georgy Zaytsev of security firm Positive Technologies.

According to Paolo Emiliani, Industry and SCADA Research Analyst at Positive Technologies, switches running outdated firmware were the ones found vulnerable.

“Successful exploitation of these weaknesses has the potential to cause disruption, or even total interruption, of ICS operations. An attacker can intercept user credentials and then reconfigure a switch to disable its ports, resulting in failure of network communication between ICS components. Several series of switches are vulnerable: FL SWITCH 3xxx, 4xxx, and 48xx with firmware versions older than 1.35," said Emiliani.

Six flaws

Among the six flaws, the most critical one allowed cross-site request forgery (CSRF), which enables attackers to pose as legitimate users and run arbitrary commands in the switch’s interface.

Another vulnerability arises because these switches fail to ensure equally-spaced timeouts between unsuccessful login attempts. This can permit attackers to steal user credentials and perpetrate attacks.

Other vulnerabilities allowed a large number of connections to the switch’s web interface making it attractive for conducting a denial-of-service attack. In fact, the switch’s security library was riddled with errors.

Furthermore, it was also possible to steal private keys from the firmware. Doing so would help attackers in a man-in-the-middle (MITM) attack intercept information transmitted in these switches.

Positive Technologies has informed Phoenix Contact of these security issues and has advised administrators handling the switches to update them to the latest firmware.