VDE-2022-028

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-06-21 05:18 - Updated: 2025-05-14 13:00
Summary
PHOENIX CONTACT: Missing Authentication in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
Notes
Summary: ProConOS/ProConOS eCLR designed for use in closed industrial networks provide communication protocols without authentication. Please also refer the original ICS-CERT advisory ICSA-15-013-03 published 13 January 2015.
Impact: The identified vulnerability allows for unauthenticated users to modify programs in some controllers that are utilizing ProConOS/ProConOS eCLR and MULTIPROG products. Attackers who reengineer the communication protocols and have network or physical controller access can exploit this vulnerability. This vulnerability affects all versions of ProConOS/ProConOS eCLR and MULTIPROG from Phoenix Contact Software (formerly KW-Software).
Mitigation: Manufacturers using ProConOS/ProConOS eCLR in their automation devices are advised to check their implementation and may publish an advisory according to their product. Users of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems may check if their application requires additional security measures like an adequate defense– in-depth networking architecture, the use of virtual private networks (VPNs) for remote access, as well as the use of firewalls for network segmentation or controller isolation. Users should check their manufacturers security advisories for more adequate information according to their dedicated device. Generic information and recommendations for security measures to protect network-capabledevices can be found in the application note.
CVE-2014-9195

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Mitigation Manufacturers using ProConOS/ProConOS eCLR in their automation devices are advised to check their implementation and may publish an advisory according to their product. Users of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems may check if their application requires additional security measures like an adequate defense– in-depth networking architecture, the use of virtual private networks (VPNs) for remote access, as well as the use of firewalls for network segmentation or controller isolation. Users should check their manufacturers security advisories for more adequate information according to their dedicated device. Generic information and recommendations for security measures to protect network-capabledevices can be found in the application note.
References
Acknowledgments
CERT@VDE
Forescout Digital Bond Reid Wightman
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      },
      {
        "names": [
          "Digital Bond",
          "Reid Wightman"
        ],
        "organization": "Forescout",
        "summary": "re-discovering."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "ProConOS/ProConOS eCLR designed for use in closed industrial networks provide communication protocols without authentication.\nPlease also refer the original ICS-CERT advisory ICSA-15-013-03 published 13 January 2015.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The identified vulnerability allows for unauthenticated users to modify programs in some controllers that are utilizing ProConOS/ProConOS eCLR and MULTIPROG products. Attackers who reengineer the communication protocols and have network or physical controller access can exploit this vulnerability. This vulnerability affects all versions of ProConOS/ProConOS eCLR and MULTIPROG from Phoenix Contact Software (formerly KW-Software).",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Manufacturers using ProConOS/ProConOS eCLR in their automation devices are advised to check their implementation and may publish an advisory according to their product.\nUsers of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems may check if their application requires additional security measures like an adequate defense\u2013 in-depth networking architecture, the use of virtual private networks (VPNs) for remote access, as well as the use of firewalls for network segmentation or controller isolation. Users should check their manufacturers security advisories for more adequate information according to their dedicated device.\nGeneric information and recommendations for security measures to protect network-capabledevices can be found in the\u00a0application note.",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "PHOENIX CONTACT PSIRT ",
        "url": "https://phoenixcontact.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-028: PHOENIX CONTACT: Missing Authentication in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-028/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-028: PHOENIX CONTACT: Missing Authentication in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-028.json"
      }
    ],
    "title": "PHOENIX CONTACT: Missing Authentication in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool",
    "tracking": {
      "aliases": [
        "VDE-2022-028"
      ],
      "current_release_date": "2025-05-14T13:00:15.000Z",
      "generator": {
        "date": "2025-04-04T08:48:23.496Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.22"
        }
      },
      "id": "VDE-2022-028",
      "initial_release_date": "2022-06-21T05:18:00.000Z",
      "revision_history": [
        {
          "date": "2022-06-21T05:18:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T13:00:15.000Z",
          "number": "2",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "MULTIPROG vers:all/*",
                      "product_id": "CSAFPID-51001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "MULTIPROG"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "ProConOS vers:all/*",
                      "product_id": "CSAFPID-51002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "ProConOS"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "ProConOS eCLR vers:all/*",
                      "product_id": "CSAFPID-51003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "ProConOS eCLR"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003"
        ],
        "summary": "Affected Products"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-9195",
      "notes": [
        {
          "category": "description",
          "text": "Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Manufacturers using ProConOS/ProConOS eCLR in their automation devices are advised to check their implementation and may publish an advisory according to their product.\nUsers of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems may check if their application requires additional security measures like an adequate defense\u2013 in-depth networking architecture, the use of virtual private networks (VPNs) for remote access, as well as the use of firewalls for network segmentation or controller isolation. Users should check their manufacturers security advisories for more adequate information according to their dedicated device.\nGeneric information and recommendations for security measures to protect network-capabledevices can be found in the\u00a0application note.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "title": "CVE-2014-9195"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.