VDE-2021-036

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2021-08-04 07:56 - Updated: 2025-05-14 12:28
Summary
PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components in versions prior to V7.21a
Notes
Summary: Please consult the CVE entries above for more details.
Impact: An attacker may use the above-described vulnerabilities to perform a Denial of Service attack. Phoenix Contact devices using CodeMeter embedded are not affected by these vulnerabilities.
Mitigation:
1. Use general security best practices to protect systems from local and network attacks, as described in the application note AH EN INDUSTRIAL SECURITY.
2. Run CodeMeter as client only and bind CodeMeter communication to localhost. With binding to localhost, an attack is no longer possible via a remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.
3. The CmWAN server is disabled by default. Check whether CmWAN is enabled and disable the feature if it is not needed.
4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk from an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.
Remediation: PHOENIX CONTACT strongly recommends that affected users upgrade to CodeMeter V7.21a, which fixes these vulnerabilities. Wibu-Systems has already published this update for CodeMeter on their homepage. Since CodeMeter V7.21a has not yet been incorporated into Phoenix Contact products, we strongly recommend downloading and installing the current CodeMeter version directly from the Wibu-Systems homepage.

In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Acknowledgments
CERT@VDE certvde.com
Tenable

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "Tenable",
        "summary": "discovered and reported to WIBU Systems"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Please consult the CVE entries above for more details.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker may use the above-described vulnerabilities to perform a Denial of Service attack.\nPhoenix Contact devices using CodeMeter embedded are not affected by these vulnerabilities.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "1. Use general security best practices to protect systems from local and network attacks like described in the application node AH EN INDUSTRIAL SECURITY external link.\n2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.\n3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.\n4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "PHOENIX CONTACT strongly recommends affected Users to upgrade to Codemeter V7.21a, which fixes these vulnerabilities. Wibu-Systems has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V7.21a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the Wibu-Systems homepage.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "PHOENIX CONTACT advisory overview at CERT@VDE",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-036: PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components in versions prior to V7.21a - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-036"
      },
      {
        "category": "self",
        "summary": "VDE-2021-036: PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components in versions prior to V7.21a - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-036.json"
      }
    ],
    "title": "PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components in versions prior to V7.21a",
    "tracking": {
      "aliases": [
        "VDE-2021-036"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2025-01-29T11:23:03.562Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.17"
        }
      },
      "id": "VDE-2021-036",
      "initial_release_date": "2021-08-04T07:56:00.000Z",
      "revision_history": [
        {
          "date": "2021-08-04T07:56:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: version space, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.4",
                    "product": {
                      "name": "Activation Wizard \u003c=1.4",
                      "product_id": "CSAFPID-51001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Activation Wizard"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.7.3",
                    "product": {
                      "name": "E-Mobility Charging Suite license codes for EV Charging Suite Setup \u003c=1.7.3",
                      "product_id": "CSAFPID-51002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "1153509",
                          "1153513",
                          "1086929",
                          "1153516",
                          "1086891",
                          "1153508",
                          "1153520",
                          "1086921",
                          "1086889",
                          "1086920"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "E-Mobility Charging Suite license codes for EV Charging Suite Setup"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=5.0",
                    "product": {
                      "name": "FL Network Manager \u003c=5.0",
                      "product_id": "CSAFPID-51003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "2702889"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "FL Network Manager"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.7.0",
                    "product": {
                      "name": "IOL-CONF \u003c=1.7.0",
                      "product_id": "CSAFPID-51004",
                      "product_identification_helper": {
                        "model_numbers": [
                          "1083065"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "IOL-CONF"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=2021.06",
                    "product": {
                      "name": "PC Worx Engineer \u003c=2021.06",
                      "product_id": "CSAFPID-51005",
                      "product_identification_helper": {
                        "model_numbers": [
                          "1046008"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PC Worx Engineer"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=2021.06",
                    "product": {
                      "name": "PLCNEXT ENGINEER EDU LIC \u003c=2021.06",
                      "product_id": "CSAFPID-51006",
                      "product_identification_helper": {
                        "model_numbers": [
                          "1165889"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "PLCNEXT ENGINEER EDU LIC"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "PHOENIX CONTACT"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20994",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks like described in the application node AH EN INDUSTRIAL SECURITY external link.\n2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.\n3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.\n4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "PHOENIX CONTACT strongly recommends affected Users to upgrade to Codemeter V7.21a, which fixes these vulnerabilities. Wibu-Systems has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V7.21a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the Wibu-Systems homepage.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 6.1,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006"
          ]
        }
      ],
      "title": "CVE-2021-20994"
    },
    {
      "cve": "CVE-2021-20993",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks like described in the application node AH EN INDUSTRIAL SECURITY external link.\n2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.\n3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.\n4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "PHOENIX CONTACT strongly recommends affected Users to upgrade to Codemeter V7.21a, which fixes these vulnerabilities. Wibu-Systems has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V7.21a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the Wibu-Systems homepage.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006"
          ]
        }
      ],
      "title": "CVE-2021-20993"
    }
  ]
}

