PHOENIX CONTACT: Denial-of-Service vulnerabilty in Emalytics, ILC 2050 BI and ILC 2050 BI-L

MonitorCVSS 4.3VDE-2020-026Aug 20, 2020

Phoenix Contact

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability exists in Phoenix Contact ILC 2050 BI, ILC 2050 BI-L hardware controllers and Emalytics Automation Workbench N4 software (versions 1.3.0 and earlier) in TLS handshake handling. A timeout during TLS connection negotiation can cause the connection to fail to terminate properly, leaving a Niagara thread in a hung state. This requires manual device restart to restore normal operation. The vulnerability is triggered by sending a malformed or stalled TLS connection attempt to the device's Ethernet port.

What this means

What could happen

A TLS handshake timeout can cause a Niagara thread to hang on the ILC 2050 BI controllers or Emalytics workbench, requiring manual restart and causing temporary loss of automation or monitoring visibility until the device recovers.

Who's at risk

Water utilities and electric utilities operating Phoenix Contact ILC 2050 BI or BI-L industrial controllers and any facility using Emalytics Automation Workbench N4 for process automation and monitoring. Impact is highest on facilities where these controllers manage critical process control or where extended downtime during manual restart is operationally disruptive.

How it could be exploited

An attacker on the local network (adjacent to the device) initiates a TLS connection to the affected device and intentionally triggers a timeout during the handshake. The connection fails to terminate cleanly, leaving a thread in a hung state. The device eventually becomes unresponsive and must be manually restarted.

Prerequisites

Network access to the Ethernet port of the ILC 2050 BI or Emalytics workbench from the same network segment (AV:A means adjacent network)
No authentication required to trigger the timeout condition

Remotely exploitable from adjacent networkNo authentication requiredLow complexity attackRequires manual intervention to recover (operational impact)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Hardware ILC 2050 BI≤ 1.3.0v.1.4.0

Hardware ILC 2050 BI-L≤ 1.3.0v.1.4.0

Software Emalytics Automation Workbench N4≤ 1.3.0v.1.4.0

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict Ethernet access to ILC 2050 and Emalytics devices using firewall rules; allow only trusted engineering and operations networks

HARDENINGLimit physical access to devices and Ethernet ports to trained and authorized personnel only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ILC 2050 BI to firmware version 1.4.0 or later

HOTFIXUpdate ILC 2050 BI-L to firmware version 1.4.0 or later

HOTFIXUpdate Emalytics Automation Workbench N4 to version 1.4.0 or later

CVEs (1)

CVE-2020-14483

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8091b21b-c37e-4218-8063-d924ccce2a83

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.