PHOENIX CONTACT FL NAT SMx
Plan Patch8.8ICS-CERT ICSA-19-155-02Jun 4, 2019
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Phoenix Contact FL NAT SMx industrial Ethernet switches are vulnerable to unauthorized access due to improper access controls on the web interface and SNMP services. Successful exploitation allows attackers to gain full access to device configuration without authentication. Affected models include FL NAT SMCS 8TX, FL NAT SMN 8TX-M-DMG, FL NAT SMN 8TX-M, and FL NAT SMN 8TX. No firmware patches are planned by the vendor. The vulnerability can be exploited over the network if the switch is reachable from an untrusted network segment, VPN connection, or the internet.
What this means
What could happen
An attacker with access to the network could gain unauthorized control of the industrial Ethernet switch configuration, potentially disrupting network connectivity to critical manufacturing equipment and PLCs.
Who's at risk
Manufacturing facilities and utilities operating Phoenix Contact FL NAT SMx industrial Ethernet switches for plant-wide network connectivity. This includes any organization using these switches to connect PLCs, sensors, or other control devices in manufacturing or critical infrastructure environments.
How it could be exploited
An attacker on the same network segment sends unauthenticated requests to the switch's web interface (port 80/443) or SNMP (port 161) to access and modify device configuration without credentials. If the switch is internet-exposed or accessible via VPN, the attack can originate remotely.
Prerequisites
- Network access to the FL NAT switch on port 80, 443 (web UI) or port 161 (SNMP)
- No valid credentials required
- Device must be reachable from attacker's network segment or via VPN/internet if exposed
remotely exploitableno authentication requiredlow complexityno patch availableaffects network infrastructure to safety/critical systemsimpacts manufacturing operations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (4)
4 EOL
ProductAffected VersionsFix Status
industrial Ethernet switch FL NAT SMCS 8TX: (2989378)2989378No fix (EOL)
industrial Ethernet switch FL NAT SMN 8TX-M-DMG: (2989352)2989352No fix (EOL)
industrial Ethernet switch FL NAT SMN 8TX-M: (2702443)2702443No fix (EOL)
industrial Ethernet switch FL NAT SMN 8TX: (2989365)2989365No fix (EOL)
Remediation & Mitigation
0/7
Do now
0/4HARDENINGOperate the switch in a closed network isolated from untrusted networks or protect with a firewall that blocks all inbound access to ports 80, 443, and 161 except from authorized management stations
WORKAROUNDDisable the web UI interface and manage the device exclusively through SNMP if web access is not required
HARDENINGSet a strong system password, as it is also used as the SNMP write community string
WORKAROUNDLog off from the web UI immediately after completing administration tasks
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGIf using SNMP, configure extended ACLs to permit SNMP access only from authorized management workstations
HARDENINGIf remote access is required, use a VPN with the most current firmware/software patches and limit the number of devices connected per VPN endpoint
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: industrial Ethernet switch FL NAT SMCS 8TX: (2989378), industrial Ethernet switch FL NAT SMN 8TX-M-DMG: (2989352), industrial Ethernet switch FL NAT SMN 8TX-M: (2702443), industrial Ethernet switch FL NAT SMN 8TX: (2989365). Apply the following compensating controls:
HARDENINGSegregate SNMP management traffic to a separate, out-of-band management network if possible
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/80487b7c-85e3-4a4c-a58a-016bbdc01ee1