Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability
ICS-CERT ICSA-15-013-03 · Oct 16, 2015
Summary
ProConOs and MultiProg software from Phoenix Contact contain an authentication bypass vulnerability (CWE-306) that affects all versions. An attacker who can reach the engineering software over the network may bypass authentication and gain unauthorized access to control logic and device configuration. No patches are available from the vendor.
What this means
What could happen
An attacker with network access to ProConOs or MultiProg could bypass authentication mechanisms and gain unauthorized access to the engineering software, potentially allowing them to modify control logic, alter process parameters, or disrupt operations on connected industrial devices.
Who's at risk
Water authorities and electric utilities using Phoenix Contact ProConOs or MultiProg for engineering, configuration, and maintenance of industrial control equipment. This affects any organization that relies on these tools to manage PLCs, remote terminal units (RTUs), or other field devices in water treatment, distribution, or electrical generation and distribution systems.
How it could be exploited
An attacker on the network sends requests to ProConOs or MultiProg that exploit missing or weak authentication checks. With authentication bypassed, the attacker gains direct access to the engineering interface, where they can view, modify, or deploy control logic to connected PLCs or process equipment.
Prerequisites
- Network access to the ProConOs or MultiProg engineering workstation or host system
- ProConOs or MultiProg service accessible over the network (not air-gapped)
No patch available · No authentication required · High EPSS score (82.5%) · Remotely exploitable
Exploitability
High exploit probability (EPSS 82.5%)
Affected products (2), both EOL
Product     Affected Versions          Fix Status
ProConOs    vers:all/* (all versions)  No fix (EOL)
MultiProg   vers:all/* (all versions)  No fix (EOL)
Remediation & Mitigation
Do now
[HARDENING] Isolate ProConOs and MultiProg systems from untrusted networks using a firewall or air-gapping; restrict network access to authorized engineering workstations only
[WORKAROUND] Disable remote access to ProConOs and MultiProg if not required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
[HARDENING] Monitor network traffic to and from ProConOs and MultiProg for unauthorized access attempts
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ProConOs: vers:all/*, MultiProg: vers:all/*. Apply the following compensating controls:
[HARDENING] Implement network segmentation to separate engineering workstations from the control network and corporate network
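The segmentation and monitoring controls above can be checked against firewall logs. The following is an added example, not part of this advisory and not Phoenix Contact's code: it parses connection records for the engineering host, accepts traffic only from an allow-listed engineering workstation subnet, and raises a higher-severity alert when a connection from outside that subnet was accepted (a segmentation gap) rather than dropped (an attempt that the firewall caught). The log format, the addresses 10.20.0.10 and 10.20.1.0/24, and the port numbers are all constructed for illustration; the advisory names none of them.

```python
"""
Added example (not from the advisory or from Phoenix Contact): flag connections
to a ProConOs/MultiProg engineering host that do not come from an authorized
engineering workstation. All addresses, ports and log lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical layout: the engineering host sits in an isolated segment and
# only the workstation subnet below may reach it. Replace with your own values.
ENGINEERING_HOST = ipaddress.ip_address("10.20.0.10")            # assumed
AUTHORIZED_WORKSTATIONS = ipaddress.ip_network("10.20.1.0/24")   # assumed

# Constructed firewall log format: "<timestamp> <device> <ACCEPT|DROP> src=.. dst=.. dport=.. proto=.."
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dport: int
    reason: str


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec):
    """Return an Alert for traffic to the engineering host from outside the
    authorized subnet; None for authorized sources or other destinations."""
    if ipaddress.ip_address(rec["dst"]) != ENGINEERING_HOST:
        return None
    if ipaddress.ip_address(rec["src"]) in AUTHORIZED_WORKSTATIONS:
        return None
    if rec["action"] == "ACCEPT":
        # The firewall let it through: the segmentation control is not effective.
        reason = "ACCEPTED connection from unauthorized source (segmentation gap)"
    else:
        # Blocked as intended, but still worth recording as an access attempt.
        reason = "blocked attempt from unauthorized source"
    return Alert(rec["ts"], rec["src"], int(rec["dport"]), reason)


def scan(lines):
    """Run every parseable line through classify() and collect the alerts."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line
        alert = classify(rec)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample log: one authorized session, one accepted and one dropped
# connection from a corporate address, one unrelated flow, one malformed line.
SAMPLE_LOG = [
    "2015-10-16T09:00:01 fw1 ACCEPT src=10.20.1.15 dst=10.20.0.10 dport=50000 proto=tcp",
    "2015-10-16T09:00:07 fw1 ACCEPT src=192.168.50.7 dst=10.20.0.10 dport=50000 proto=tcp",
    "2015-10-16T09:00:09 fw1 DROP src=192.168.50.7 dst=10.20.0.10 dport=50000 proto=tcp",
    "2015-10-16T09:00:12 fw1 ACCEPT src=192.168.50.7 dst=10.20.0.11 dport=443 proto=tcp",
    "not a firewall record",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> engineering host:{a.dport}: {a.reason}")
```

Point the script at your own firewall export and replace the constructed constants; an ACCEPTED alert is the one that indicates the isolation control itself has failed, and merits a maintenance-window ticket rather than only a log entry.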
CVEs (1)