VDE-2022-025

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-06-21 05:15 - Updated: 2025-05-22 13:03
Summary
PHOENIX CONTACT: Vulnerability in classic line industrial controllers
Notes
Summary: The affected devices insufficiently verify uploaded data.
Impact: An attacker capable of either transmitting manipulated logic or manipulating legitimate logic can execute arbitrary malicious code on the device.
Mitigation: Phoenix Contact classic line controllers are designed and developed for the use in closed industrial networks. The controller doesn't feature logic integrity and authenticity checks by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall. Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended. Generic information and recommendations for security measures to protect network-capable devices can be found in the application note.

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

CWE-345 - Insufficient Verification of Data Authenticity
Mitigation: Phoenix Contact classic line controllers are designed and developed for the use in closed industrial networks. The controller doesn't feature logic integrity and authenticity checks by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall. Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended. Generic information and recommendations for security measures to protect network-capable devices can be found in the application note.
Acknowledgments
CERT@VDE
Forescout

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      },
      {
        "organization": "Forescout",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The affected devices\u00a0insufficiently\u00a0verify uploaded data.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker capable of either transmitting manipulated logic or manipulating legitimate logic can execute arbitrary malicious code on the device.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Phoenix Contact classic line controllers are designed and developed for the use in closed industrial networks. The controller doesn\u0027t feature logic integrity and authenticity checks by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\n\nCustomers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended. \n\nGeneric information and recommendations for security measures to protect network-capabledevices can be found in the\u00a0application note.",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "PHOENIX CONTACT PSIRT ",
        "url": "https://phoenixcontact.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-025: PHOENIX CONTACT: Vulnerability in classic line industrial controllers - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-025/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-025: PHOENIX CONTACT: Vulnerability in classic line industrial controllers - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-025.json"
      }
    ],
    "title": "PHOENIX CONTACT: Vulnerability in classic line industrial controllers",
    "tracking": {
      "aliases": [
        "VDE-2022-025"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2025-04-09T08:00:10.688Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.22"
        }
      },
      "id": "VDE-2022-025",
      "initial_release_date": "2022-06-21T05:15:00.000Z",
      "revision_history": [
        {
          "date": "2022-06-21T05:15:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "2",
          "summary": "Fix: added distribution, quotation mark"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AXC 1050",
                "product": {
                  "name": "AXC 1050",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "AXC 1050 XC",
                "product": {
                  "name": "AXC 1050 XC",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701295"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXC 3050",
                "product": {
                  "name": "AXC 3050",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700989"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FC 350 PCI ETH",
                "product": {
                  "name": "FC 350 PCI ETH",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2730844"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "ILC1x0",
                "product": {
                  "name": "ILC1x0",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "ILC1x1",
                "product": {
                  "name": "ILC1x1",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "ILC 1x1 GSM/GPRS",
                "product": {
                  "name": "ILC 1x1 GSM/GPRS",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700977"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "ILC 3xx",
                "product": {
                  "name": "ILC 3xx",
                  "product_id": "CSAFPID-11008"
                }
              },
              {
                "category": "product_name",
                "name": "PC WORX RT BASIC",
                "product": {
                  "name": "PC WORX RT BASIC",
                  "product_id": "CSAFPID-11009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700291"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PC WORX SRT",
                "product": {
                  "name": "PC WORX SRT",
                  "product_id": "CSAFPID-11010",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701680"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 430 ETH-IB",
                "product": {
                  "name": "RFC 430 ETH-IB",
                  "product_id": "CSAFPID-11011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2730190"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 450 ETH-IB",
                "product": {
                  "name": "RFC 450 ETH-IB",
                  "product_id": "CSAFPID-11012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2730200"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 460R PN 3TX",
                "product": {
                  "name": "RFC 460R PN 3TX",
                  "product_id": "CSAFPID-11013",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700784"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 460R PN 3TX-S",
                "product": {
                  "name": "RFC 460R PN 3TX-S",
                  "product_id": "CSAFPID-11014",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1096407"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 470 PN 3TX",
                "product": {
                  "name": "RFC 470 PN 3TX",
                  "product_id": "CSAFPID-11015",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2916600"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 470S PN 3TX",
                "product": {
                  "name": "RFC 470S PN 3TX",
                  "product_id": "CSAFPID-11016",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2916794"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 480S PN 4TX",
                "product": {
                  "name": "RFC 480S PN 4TX",
                  "product_id": "CSAFPID-11017",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2404577"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Firmware vers:all/*",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017"
        ],
        "summary": "Affected Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on AXC 1050",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on AXC 1050 XC",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on AXC 3050",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on FC 350 PCI ETH",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC1x0",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC1x1",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC 1x1 GSM/GPRS",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC 3xx",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on PC WORX RT BASIC",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on PC WORX SRT",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 430 ETH-IB",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 450 ETH-IB",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 460R PN 3TX",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 460R PN 3TX-S",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 470 PN 3TX",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 470S PN 3TX",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 480S PN 4TX",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11017"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31800",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Phoenix Contact classic line controllers are designed and developed for the use in closed industrial networks. The controller doesn\u0027t feature logic integrity and authenticity checks by design. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\n\nCustomers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended.\n\nGeneric information and recommendations for security measures to protect network-capable\ndevices can be found in the application note.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017"
          ]
        }
      ],
      "title": "CVE-2022-31800"
    }
  ]
}

