OTPulse

Phoenix Contact ILC PLC Authentication Vulnerabilities

Act Now · 7.3 · ICS-CERT ICSA-16-313-01 · Aug 12, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Phoenix Contact ILC 1xx PLCs contain authentication weaknesses (CWE-312, CWE-287) that allow unauthenticated network access to read sensitive data or modify control logic. An attacker on the network can connect directly to the PLC and interact with its memory and control functions without providing valid credentials. All versions of the ILC 1xx product line are affected, and no firmware update is currently available from the vendor.

What this means
What could happen
An attacker with network access to your Phoenix Contact ILC PLC could read sensitive data or alter control logic without credentials, potentially causing unintended process changes or stopping production operations.
Who's at risk
Operators of manufacturing facilities using Phoenix Contact ILC 1xx PLCs are affected. This includes discrete manufacturing plants, process automation systems, and any facility relying on these legacy PLCs for critical control logic. Because no patch is available, this risk is permanent for these devices.
How it could be exploited
An attacker on your plant network can directly connect to the ILC PLC over Ethernet (port 502 or vendor protocol ports) and read memory or modify control logic because authentication is either absent or improperly validated. No credentials or special knowledge are required beyond network reach to the PLC.
Prerequisites
  • Network access to the ILC PLC over Ethernet
  • No authentication credentials required
  • Attacker must be able to reach the PLC's network interface (typically port 502)
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (12.5%), no patch available, affects industrial control systems
Exploitability
High exploit probability (EPSS 12.5%)
Affected products (1)
Product | Affected Versions | Fix Status
ILC 1xx PLCs: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate ILC PLC from untrusted networks using network segmentation (VLAN or firewall rules); restrict access to engineering workstations and supervisory systems only
HARDENING: Implement firewall rules to permit only authorized devices to communicate with the PLC; deny unauthenticated connections to the PLC's service ports
WORKAROUND: Disable remote access to the PLC unless absolutely required; if required, use a VPN or secure jump host with strong authentication
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to and from the PLC for unauthorized connection attempts or data transfers
Long-term hardening
HOTFIX: Contact Phoenix Contact to request a firmware update or security advisory; consider replacing aging ILC 1xx units with newer models that include authentication
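
The allowlisting and monitoring items above, as an added example that is not part of the advisory: a Python check that reads flow records and flags any conversation between the PLC and a peer outside the authorized set, in either direction. The PLC address, the allowlist and the flow-record format are constructed assumptions; only port 502 comes from the page.

```python
import csv
import io
import ipaddress

# Assumptions (constructed for this example, not from the advisory):
PLC_ADDRS = {ipaddress.ip_address("192.0.2.10")}          # the ILC 1xx PLC
ALLOWED_PEERS = [ipaddress.ip_network("192.0.2.20/32"),   # engineering workstation
                 ipaddress.ip_network("192.0.2.32/29")]   # supervisory hosts

# Constructed flow records: time, source, destination, destination port, bytes.
SAMPLE_FLOWS = """\
ts,src,dst,dport,bytes
2024-01-01T08:00:00Z,192.0.2.20,192.0.2.10,502,1200
2024-01-01T08:00:05Z,192.0.2.33,192.0.2.10,502,640
2024-01-01T08:01:10Z,198.51.100.7,192.0.2.10,502,88
2024-01-01T08:02:30Z,192.0.2.10,203.0.113.50,443,51200
2024-01-01T08:03:00Z,192.0.2.20,192.0.2.99,22,300
not-a-flow-line
"""


def is_allowed(addr):
    """True if addr belongs to an authorized workstation or supervisory range."""
    return any(addr in net for net in ALLOWED_PEERS)


def find_unauthorized(flow_csv):
    """Return (alerts, skipped): flows where the PLC talks to a non-allowlisted peer."""
    alerts, skipped = [], 0
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport, nbytes = int(row["dport"]), int(row["bytes"])
        except (KeyError, TypeError, ValueError):
            skipped += 1  # malformed record: count it instead of dropping it silently
            continue
        if dst in PLC_ADDRS and not is_allowed(src):
            alerts.append(("inbound", row["ts"], str(src), dport, nbytes))
        elif src in PLC_ADDRS and not is_allowed(dst):
            alerts.append(("outbound", row["ts"], str(dst), dport, nbytes))
    return alerts, skipped


if __name__ == "__main__":
    found, bad = find_unauthorized(SAMPLE_FLOWS)
    for direction, ts, peer, dport, nbytes in found:
        print(f"ALERT {ts} {direction} peer={peer} dport={dport} bytes={nbytes}")
    print(f"skipped malformed records: {bad}")
```

Because the PLC itself cannot authenticate peers, the check alerts on any port rather than only 502, and it reports PLC-initiated flows to unknown destinations as well as inbound ones.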