PHOENIX CONTACT FL NAT SMx

Plan PatchCVSS 8.8ICS-CERT ICSA-19-155-02Mar 25, 2019

Phoenix ContactManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Phoenix Contact FL NAT SMx industrial Ethernet switches are vulnerable to unauthorized access due to improper access controls on the web interface and SNMP services. Successful exploitation allows attackers to gain full access to device configuration without authentication. Affected models include FL NAT SMCS 8TX, FL NAT SMN 8TX-M-DMG, FL NAT SMN 8TX-M, and FL NAT SMN 8TX. No firmware patches are planned by the vendor. The vulnerability can be exploited over the network if the switch is reachable from an untrusted network segment, VPN connection, or the internet.

What this means

What could happen

An attacker with access to the network could gain unauthorized control of the industrial Ethernet switch configuration, potentially disrupting network connectivity to critical manufacturing equipment and PLCs.

Who's at risk

Manufacturing facilities and utilities operating Phoenix Contact FL NAT SMx industrial Ethernet switches for plant-wide network connectivity. This includes any organization using these switches to connect PLCs, sensors, or other control devices in manufacturing or critical infrastructure environments.

How it could be exploited

An attacker on the same network segment sends unauthenticated requests to the switch's web interface (port 80/443) or SNMP (port 161) to access and modify device configuration without credentials. If the switch is internet-exposed or accessible via VPN, the attack can originate remotely.

Prerequisites

Network access to the FL NAT switch on port 80, 443 (web UI) or port 161 (SNMP)
No valid credentials required
Device must be reachable from attacker's network segment or via VPN/internet if exposed

remotely exploitableno authentication requiredlow complexityno patch availableaffects network infrastructure to safety/critical systemsimpacts manufacturing operations

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (8)

4 pending4 EOL

ProductAffected VersionsFix Status

FL NAT SMCS 8TXAll versionsNo fix yet

FL NAT SMN 8TXAll versionsNo fix yet

FL NAT SMN 8TX-MAll versionsNo fix yet

FL NAT SMN 8TX-M-DMGAll versionsNo fix yet

industrial Ethernet switch FL NAT SMCS 8TX: (2989378)2989378No fix (EOL)

industrial Ethernet switch FL NAT SMN 8TX-M-DMG: (2989352)2989352No fix (EOL)

industrial Ethernet switch FL NAT SMN 8TX-M: (2702443)2702443No fix (EOL)

industrial Ethernet switch FL NAT SMN 8TX: (2989365)2989365No fix (EOL)

Remediation & Mitigation

0/7

Do now

0/4

HARDENINGOperate the switch in a closed network isolated from untrusted networks or protect with a firewall that blocks all inbound access to ports 80, 443, and 161 except from authorized management stations

WORKAROUNDDisable the web UI interface and manage the device exclusively through SNMP if web access is not required

HARDENINGSet a strong system password, as it is also used as the SNMP write community string

WORKAROUNDLog off from the web UI immediately after completing administration tasks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGIf using SNMP, configure extended ACLs to permit SNMP access only from authorized management workstations

HARDENINGIf remote access is required, use a VPN with the most current firmware/software patches and limit the number of devices connected per VPN endpoint

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: industrial Ethernet switch FL NAT SMCS 8TX: (2989378), industrial Ethernet switch FL NAT SMN 8TX-M-DMG: (2989352), industrial Ethernet switch FL NAT SMN 8TX-M: (2702443), industrial Ethernet switch FL NAT SMN 8TX: (2989365). Apply the following compensating controls:

HARDENINGSegregate SNMP management traffic to a separate, out-of-band management network if possible

CVEs (1)

CVE-2019-9744

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/80487b7c-85e3-4a4c-a58a-016bbdc01ee1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.