PHOENIX CONTACT RAD-80211-XD
Act Now9.9ICS-CERT ICSA-19-085-02Mar 26, 2019
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
The RAD-80211-XD and RAD-80211-XD/HP-BUS wireless radio modules contain a command injection vulnerability (CWE-77) that allows an authenticated attacker to execute arbitrary system commands with administrative privileges on the device. The vulnerability has a CVSS score of 9.9 due to its ability to compromise confidentiality, integrity, and availability across connected systems. Phoenix Contact has removed these products from active maintenance due to obsolescence and will not provide a firmware patch. The vendor recommends upgrading to the active FL WLAN product line or restricting network access via firewall protection.
What this means
What could happen
An attacker with valid credentials and network access to a RAD-80211-XD radio module could execute system commands with administrative privileges, potentially disrupting wireless connectivity or altering configurations in connected control systems.
Who's at risk
Water utilities and electric utilities using Phoenix Contact RAD-80211-XD or RAD-80211-XD/HP-BUS wireless radio modules for remote telemetry, SCADA communications, or distributed control node connectivity should be concerned. Any organization relying on these obsolete wireless access points for ICS network communications is at risk.
How it could be exploited
An attacker who can reach the device on the network and has valid login credentials could submit a specially crafted command to the device, which would execute with administrative privileges. This could be used to gain control over the radio module's operation or extract sensitive configuration data.
Prerequisites
- Network access to the RAD-80211-XD radio module on port 80 or management interface
- Valid user login credentials for the device
remotely exploitablerequires valid credentialsno patch availableno vendor support (end of life)affects industrial control system communications
Exploitability
Moderate exploit probability (EPSS 4.3%)
Affected products (2)
2 pending
ProductAffected VersionsFix Status
RAD-80211-XD: (2885728)2885728No fix yet
RAD-80211-XD/HP-BUS: (2900047)2900047No fix yet
Remediation & Mitigation
0/5
Do now
0/4HARDENINGOperate RAD-80211-XD radio modules only in closed, isolated networks not connected to untrusted networks
HARDENINGDeploy firewall rules to restrict network access to RAD-80211-XD devices from all external networks
HARDENINGIsolate RAD-80211-XD radio modules from the business network using network segmentation
HARDENINGDisable remote access to RAD-80211-XD devices unless absolutely necessary; if required, use VPN with current security patches
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade to Phoenix Contact active FL WLAN product line to replace obsolete RAD-80211-XD devices
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/01dd3e25-8727-4d70-8d0d-9c8eb9360318