PHOENIX CONTACT: Security Advisory for FL SWITCH SMCS series

Monitor7.5VDE-2021-023Jun 23, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities exist in Phoenix Contact FL SWITCH SMCS and FL NAT SMN series managed switches. The vulnerabilities involve a race condition (CWE-362), cross-site scripting (CWE-79), and improper resource handling (CWE-404). An attacker with network access could trigger denial of service or compromise the integrity of network communications passing through the switch. No firmware patches are available from the vendor.

What this means

What could happen

Multiple vulnerabilities in Phoenix Contact industrial switches could allow a network attacker to cause denial of service or compromise the integrity of network communications in your facility. Since no patch is available, you must rely on network isolation and firewall controls to protect these critical switching devices.

Who's at risk

Water and electric utility operators who use Phoenix Contact FL SWITCH SMCS series managed switches in their facility networks. These switches are commonly used to backbone SCADA networks, connect RTU/PLC sites, or provide redundancy in industrial Ethernet deployments. All versions up to firmware 4.70 are vulnerable.

How it could be exploited

An attacker with network access to the affected switch could send specially crafted requests to exploit the identified vulnerabilities (CWE-362: race condition, CWE-79: cross-site scripting, CWE-404: improper resource handling). No authentication is required. The attacker could either crash the switch (denial of service) or manipulate network traffic flowing through it.

Prerequisites

Network access to the affected switch on the Ethernet port
No authentication required

remotely exploitableno authentication requiredlow complexityno patch availablehigh CVSS score (7.5)

Affected products (15)

15 EOL

ProductAffected VersionsFix Status

FL SWITCH SMCS 14TX/2FX≤ 4.70No fix (EOL)

FL SWITCH SMCS 16TX≤ 4.70No fix (EOL)

FL SWITCH SMCS 4TX-PN≤ 4.70No fix (EOL)

FL SWITCH SMCS 6GT/2SFP≤ 4.70No fix (EOL)

FL SWITCH SMCS 6TX/2SFP≤ 4.70No fix (EOL)

FL SWITCH SMCS 8GT≤ 4.70No fix (EOL)

FL SWITCH SMCS 8TX≤ 4.70No fix (EOL)

FL SWITCH SMN 6TX/2FX SM≤ 4.70No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGIsolate affected FL SWITCH SMCS series devices from untrusted networks using air-gap or dedicated network segments.

WORKAROUNDImplement firewall rules to restrict inbound network access to affected switches to only authorized management and operational sources.

HARDENINGDisable remote management interfaces (web UI, SNMP, or SSH) on affected switches if not actively required for operations.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGSegregate switch management traffic onto a separate protected engineering network with strong access controls.

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: FL SWITCH SMCS 14TX/2FX, FL SWITCH SMCS 16TX, FL SWITCH SMCS 4TX-PN, FL SWITCH SMCS 6GT/2SFP, FL SWITCH SMCS 6TX/2SFP, FL SWITCH SMCS 8GT, FL SWITCH SMCS 8TX, FL SWITCH SMN 6TX/2FX SM, FL SWITCH SMN 6TX/2POF-PN, FL NAT SMN 8TX, FL NAT SMN 8TX-M, FL SWITCH SMCS 14TX/2FX-SM, FL SWITCH SMCS 14TX/2FX-SM, FL SWITCH SMCS 8TX-PN, FL SWITCH SMN 8TX-PN. Apply the following compensating controls:

HARDENINGMonitor affected switches for unexpected restarts or configuration changes that could indicate exploitation attempts.

CVEs (3)

CVE-2021-21005 CVE-2021-21004 CVE-2021-21003

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5efea392-eda5-4541-86d9-9a38c6276da4