VDE-2020-001

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2020-02-17 08:10 - Updated: 2025-05-22 13:03
Summary
PHOENIX CONTACT: Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file
Notes
Summary: Phoenix Contact Emalytics Controller ILC 2050 BI are developed and designed for the use in protected building automation networks.An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.
Impact: If the above-mentioned controllers are used in an unprotected, open network, an unauthorized attacker can change the device configuration and start or stop services.
Remediation: Phoenix Contact strongly recommends affected users to update to Engineering software Emalytics 1.2.3 or higher and recommission the controllers. Please note: If this is not possible, please contact us via email at\ development.sysmik@phoenixcontact.com\ so that we can provide you with a fixed version. The updated version is available on the vendors' [product page](https://www.phoenixcontact.com/en-us/products/controller-ilc-2050-bi-2403160) Filename: Emalytics_Setup_1.2.3.zip\ SHA-256: cf24d29f408cc80c3e9bf09234a9469bb2b2d01d832e9136ed75cae6b48df293 Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: [Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY 'Measures to protect network-capable devices with Ethernet connection against unauthorized access'](https://dam-mdc.phoenixcontact.com/asset/156443151564/7287b631b23077172920b18d738b3b1c/107913_en_02.pdf)
CVE-2020-8768

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.

9.4 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE-732 - Incorrect Permission Assignment for Critical Resource
Vendor Fix Phoenix Contact strongly recommends affected users to update to Engineering software Emalytics 1.2.3 or higher and recommission the controllers. Please note: If this is not possible, please contact us via email at\ development.sysmik@phoenixcontact.com\ so that we can provide you with a fixed version. The updated version is available on the vendors' [product page](https://www.phoenixcontact.com/en-us/products/controller-ilc-2050-bi-2403160) Filename: Emalytics_Setup_1.2.3.zip\ SHA-256: cf24d29f408cc80c3e9bf09234a9469bb2b2d01d832e9136ed75cae6b48df293 Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: [Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY 'Measures to protect network-capable devices with Ethernet connection against unauthorized access'](https://dam-mdc.phoenixcontact.com/asset/156443151564/7287b631b23077172920b18d738b3b1c/107913_en_02.pdf)
References
Acknowledgments
CERT@VDE certvde.com
Phoenix Contact GmbH & Co. KG Phoenix Contact www.phoenixcontact.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Phoenix Contact"
        ],
        "organization": "Phoenix Contact GmbH \u0026 Co. KG",
        "summary": "reporting",
        "urls": [
          "https://www.phoenixcontact.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Phoenix Contact Emalytics Controller ILC 2050 BI are developed and designed for the use in protected building automation networks.An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If the above-mentioned controllers are used in an unprotected, open network, an unauthorized attacker can change the device configuration and start or stop services.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Phoenix Contact strongly recommends affected users to update to Engineering software Emalytics 1.2.3 or higher and recommission the controllers.\n\nPlease note: If this is not possible, please contact us via email at\\\ndevelopment.sysmik@phoenixcontact.com\\\nso that we can provide you with a fixed version. \n\nThe updated version is available on the vendors\u0027 [product page](https://www.phoenixcontact.com/en-us/products/controller-ilc-2050-bi-2403160)\n\nFilename: Emalytics_Setup_1.2.3.zip\\\nSHA-256: cf24d29f408cc80c3e9bf09234a9469bb2b2d01d832e9136ed75cae6b48df293 \n\nPhoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: \n\n[Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY \u0027Measures to protect network-capable devices with Ethernet connection against unauthorized access\u0027](https://dam-mdc.phoenixcontact.com/asset/156443151564/7287b631b23077172920b18d738b3b1c/107913_en_02.pdf)\n",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "Phoenix Contact PSIRT ",
        "url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact"
      },
      {
        "category": "self",
        "summary": "VDE-2020-001: PHOENIX CONTACT: Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2020-001/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-001: PHOENIX CONTACT: Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-001.json"
      }
    ],
    "title": "PHOENIX CONTACT: Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file",
    "tracking": {
      "aliases": [
        "VDE-2020-001"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2024-09-10T09:23:44.252Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.11"
        }
      },
      "id": "VDE-2020-001",
      "initial_release_date": "2020-02-17T08:10:00.000Z",
      "revision_history": [
        {
          "date": "2020-02-17T08:10:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2",
          "summary": "Fix: correct certvde domain, added self-reference"
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "3",
          "summary": "Fix: version space, removed ia, added distribution, quotation mark"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.2.3",
                "product": {
                  "name": "Firmware \u003c1.2.3",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "1.2.3",
                "product": {
                  "name": "Firmware 1.2.3",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "ILC 2050 BI",
                "product": {
                  "name": "ILC 2050 BI",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2403160"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "ILC 2050 BI-L",
                "product": {
                  "name": "ILC 2050 BI-L",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2404671"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.2.3 installed on ILC 2050 BI",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.2.3 installed on ILC 2050 BI-L",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.2.3 installed on ILC 2050 BI",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.2.3 installed on ILC 2050 BI-L",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8768",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact strongly recommends affected users to update to Engineering software Emalytics 1.2.3 or higher and recommission the controllers.\n\nPlease note: If this is not possible, please contact us via email at\\\ndevelopment.sysmik@phoenixcontact.com\\\nso that we can provide you with a fixed version. \n\nThe updated version is available on the vendors\u0027 [product page](https://www.phoenixcontact.com/en-us/products/controller-ilc-2050-bi-2403160)\n\nFilename: Emalytics_Setup_1.2.3.zip\\\nSHA-256: cf24d29f408cc80c3e9bf09234a9469bb2b2d01d832e9136ed75cae6b48df293 \n\nPhoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: \n\n[Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY \u0027Measures to protect network-capable devices with Ethernet connection against unauthorized access\u0027](https://dam-mdc.phoenixcontact.com/asset/156443151564/7287b631b23077172920b18d738b3b1c/107913_en_02.pdf)\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002"
          ]
        }
      ],
      "title": "CVE-2020-8768"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.