PHOENIX CONTACT: ILC 1x1 ETH Denial of Service

Monitor7.5VDE-2018-012Aug 13, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial of service vulnerability in Phoenix Contact ILC 1x1 controllers allows network-based attackers to flood the device with traffic, causing the control program to slow down or stop execution. The vulnerability affects the IEC 61131 runtime on all versions of the ILC 131, 151, 171, and 191 ETH models. No firmware patch is available from the vendor; mitigation requires network-level protections such as firewall isolation and traffic filtering.

What this means

What could happen

An attacker with network access to an ILC controller can flood it with traffic, slowing down or stopping the IEC 61131 control program. This disrupts automation logic and could halt critical processes like conveyor systems, pump controls, or traffic signal management.

Who's at risk

Transportation authorities, traffic management systems, and any organization using Phoenix Contact ILC 131, 151, 171, or 191 ETH controllers for process automation should prioritize this. These devices manage critical control logic in traffic signals, rail systems, and automated machinery.

How it could be exploited

An attacker sends a large volume of network traffic to the ILC device. The controller's processor becomes overwhelmed handling incoming packets, causing the control program to slow or stop executing. No special credentials or complex setup required—just reachability to the device's network interface.

Prerequisites

Network connectivity to the ILC device (layer 3 reachability)
No authentication required
Ability to generate sustained network traffic toward the device

remotely exploitableno authentication requiredlow complexityno patch availableaffects critical automation logic

Affected products (4)

4 EOL

ProductAffected VersionsFix Status

ILC 131All versionsNo fix (EOL)

ILC 151All versionsNo fix (EOL)

ILC 171All versionsNo fix (EOL)

ILC 191 ETHAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDeploy a firewall between the ILC network and external networks to restrict inbound traffic

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGConfigure firewall rules to allow only authorized traffic to the ILC (block non-essential ports and protocols)

HARDENINGMonitor network traffic to the ILC for anomalously high packet rates or suspicious patterns

HARDENINGReview the Phoenix Contact industrial security application note (link provided in advisory) and implement recommended network protections

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: ILC 131, ILC 151, ILC 171, ILC 191 ETH. Apply the following compensating controls:

HARDENINGOperate ILC devices in closed networks with restricted access (physically isolated or air-gapped)

CVEs (1)

CVE-2018-25112

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1dd58a87-809b-40f4-996b-3eed517a9a46