Phoenix Contact: AXL F BK PN Denial of Service Vulnerability
Monitor · 7.5 · VDE-2018-015 · Sep 21, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Phoenix Contact AXL F BK PN bus couplers (models ETH ≤1.12, ETH XC ≤1.11, PN ≤1.0.4) contain a denial-of-service vulnerability in their Profinet request handling. Non-standard symbols in a network request cause the coupler to lock up completely, halting all I/O communication. No authentication is required to trigger the vulnerability. The vendor has not released a fix for any affected model. Mitigation requires network isolation and firewall protection.
What this means
What could happen
An attacker can send a specially crafted network request to the AXL F BK PN coupler without needing any credentials, causing the device to freeze and stop responding. This halts all I/O communication and plant operations controlled through the coupler until the device is physically rebooted.
Who's at risk
Water authorities and municipal utilities using Phoenix Contact AXL F BK PN couplers in Profinet-based control systems are affected. This includes devices in SCADA systems, PLC racks, and I/O networks that manage pump stations, treatment processes, and distribution control. Facilities with these couplers exposed to untrusted networks face denial-of-service risk.
How it could be exploited
An attacker on the network sends a malformed packet containing non-standard symbols to the AXL F BK PN coupler on its Profinet port. The coupler fails to validate the request format, processes it incorrectly, and enters a locked state. No credentials or special configuration is required—the device is vulnerable as shipped.
Prerequisites
- Network access to the AXL F BK PN coupler's Profinet port (typically UDP port 34964)
- Device must be reachable from attacker's network segment
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects critical infrastructure control systems
Affected products (3), all 3 EOL
Product | Affected Versions | Fix Status
AXL F BK PN | ≤ 1.0.4 | No fix (EOL)
AXL F BK ETH | ≤ 1.12 | No fix (EOL)
AXL F BK ETH XC | ≤ 1.11 | No fix (EOL)
Remediation & Mitigation
Do now
AXL F BK PN
- HARDENING: Isolate AXL F BK PN couplers to a closed control network and restrict inbound access from the corporate network using a firewall
All products
- WORKAROUND: Configure network firewall rules to block non-standard or malformed Profinet traffic to the coupler
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement network segmentation to prevent untrusted devices and external networks from reaching the coupler
- HARDENING: Monitor coupler uptime and CPU load to detect spontaneous resets or lockups indicative of exploitation attempts
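The last hardening item asks for uptime monitoring that flags lockups and unexpected resets. The following detector is an added example written for this page; it is not code from the advisory or from Phoenix Contact. It assumes the site's existing monitoring already polls the coupler at a fixed interval (for instance an ICMP echo or a probe of the Profinet port) and records whether a reply came back, plus a device-reported uptime where the deployment can obtain one (the uptime field is optional because the page does not state that these couplers expose one). The probe samples below are constructed; in practice they would come from the poller.

```python
"""Lockup / reset detector for polled bus-coupler health samples (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    t: float                    # seconds since epoch when the probe was sent (constructed)
    reachable: bool             # True if the coupler answered the probe
    uptime_s: Optional[float]   # device-reported uptime, or None if unknown / not polled


@dataclass
class Event:
    kind: str     # "LOCKUP" or "RESET"
    t: float      # time of the sample that triggered the event
    detail: str


def detect(samples: List[Sample], lockup_after: int = 3) -> List[Event]:
    """Walk samples in time order and emit alert-worthy events.

    LOCKUP: `lockup_after` consecutive unanswered probes. A hung coupler stops
            all I/O traffic, so loss of reachability is the observable symptom.
    RESET:  device-reported uptime went backwards, i.e. the coupler restarted
            (expected after a manual power cycle, suspicious otherwise).
    """
    events: List[Event] = []
    consecutive_failures = 0
    lockup_reported = False
    last_uptime: Optional[float] = None

    for s in samples:
        if not s.reachable:
            consecutive_failures += 1
            if consecutive_failures >= lockup_after and not lockup_reported:
                events.append(Event(
                    "LOCKUP", s.t,
                    f"{consecutive_failures} consecutive probes unanswered"))
                lockup_reported = True   # alert once per outage, not per sample
            continue

        # Coupler answered: clear the outage state.
        consecutive_failures = 0
        lockup_reported = False

        if s.uptime_s is not None:
            if last_uptime is not None and s.uptime_s < last_uptime:
                events.append(Event(
                    "RESET", s.t,
                    f"uptime dropped {last_uptime:.0f}s -> {s.uptime_s:.0f}s"))
            last_uptime = s.uptime_s

    return events


def demo() -> List[Event]:
    """Constructed 10-second poll series: healthy, then hung, then power-cycled."""
    samples = [
        Sample(0.0, True, 100000.0),
        Sample(10.0, True, 100010.0),
        Sample(20.0, False, None),    # coupler stops answering
        Sample(30.0, False, None),
        Sample(40.0, False, None),    # third miss -> LOCKUP
        Sample(50.0, False, None),    # still down, no duplicate alert
        Sample(60.0, True, 15.0),     # back after a reboot -> RESET
        Sample(70.0, True, 25.0),
    ]
    return detect(samples)


if __name__ == "__main__":
    for ev in demo():
        print(f"{ev.t:6.0f}s  {ev.kind:7s} {ev.detail}")
```

A RESET without a preceding LOCKUP, or a LOCKUP that clears without a maintenance ticket explaining the reboot, is the pattern worth correlating against firewall logs for the coupler's Profinet port.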
CVEs (1)
API: /api/v1/advisories/c7b2fdb6-4c93-4ba7-9ada-aa09bc6e9bbc