Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers

Action: Plan Patch
Score: 7.5
Advisory: VDE-2025-029
Date: May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial of service (DoS) vulnerability exists in multiple Phoenix Contact AXL F BK and IL BK bus couplers. An HTTP request to port 80 can cause resource exhaustion (CWE-770), rendering the device unresponsive. This has been observed during network security scanner operation. The affected bus couplers are intended for use in closed industrial networks and serve as communication bridges for I/O modules and field devices. Some product variants have fixed firmware available; others are discontinued or will receive fixes in future revisions. The vendor strongly recommends operating these devices only in closed networks protected by firewalls and excluding DoS tests from security scanners if scanning is mandatory.

What this means
What could happen
An attacker on your network can send specially crafted HTTP requests to port 80 on these bus couplers, causing them to become unresponsive and interrupt communication with connected I/O modules or field devices until reboot.
Who's at risk
Water utilities, electric utilities, and any municipality running networked industrial control systems that use Phoenix Contact AXL F BK or IL BK bus couplers for I/O integration. These couplers act as communication bridges between field devices (sensors, actuators, PLCs) and factory automation networks. Organizations using EtherCAT, EtherNet/IP, or Profinet-based architectures are particularly affected if they are running older firmware versions.
How it could be exploited
An attacker with network access to the device sends HTTP requests or runs a network security scanner against port 80. The malformed or high-volume requests trigger a resource exhaustion condition in the HTTP service, rendering the device unresponsive and disrupting real-time industrial communication.
Prerequisites
  • Network access to the bus coupler on port 80 (HTTP)
  • No authentication required
  • Device must be reachable from attacker's network segment
Tags: remotely exploitable, no authentication required, low complexity, affects safety systems, many products have no patch available
Affected products (14)
4 with fix, 10 EOL

Product            | Affected Versions | Fix Status
AXL F BK PN TPS    | ≤ FW1.33          | FW2.00
AXL F BK PN TPS XC | ≤ FW1.33          | FW2.00
AXL F BK ETH       | ≤ FW1.31          | FW1.32
AXL F BK ETH XC    | ≤ FW1.33          | FW1.32
AXL F BK SAS       | ≤ FW1.35          | No fix (EOL)
AXL F BK EIP       | ≤ FW1.30          | No fix (EOL)
AXL F BK EIP EF    | ≤ FW1.30          | No fix (EOL)
IL PN BK-PAC       | ≤ FW1.13          | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement a firewall rule to block or restrict inbound traffic to port 80 (HTTP) on all bus couplers from untrusted network segments.
WORKAROUND: If network security scanning is required, configure your scanner to disable denial-of-service (DoS) tests targeting port 80 or exclude these bus coupler devices from HTTP-based vulnerability scans.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

AXL F BK PN TPS
HOTFIX: Update AXL F BK PN TPS, AXL F BK PN TPS XC, AXL F BK ETH, and AXL F BK ETH XC to the specified fixed firmware versions (FW2.00 for PN TPS variants, FW1.32 for ETH variants) during scheduled maintenance windows.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: AXL F BK SAS, AXL F BK EIP, AXL F BK EIP EF, IL PN BK-PAC, IL ETH BK-PAC, IL ETH BK DI8 DO4 2TX-PAC, IL EIP BK DI8 DO4 2TX-PAC, AXL F BK PN, AXL F BK PN XC, AXL F BK EIP XC. Apply the following compensating controls:
HARDENING: Segment and isolate bus coupler networks from corporate IT networks and external access using firewalls or network switches with VLAN enforcement to ensure they remain in closed industrial network environments.
HARDENING: Monitor bus coupler health and responsiveness; establish automated alerts for port 80 traffic anomalies or device communication timeouts as a compensating control until patching is complete.
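One way to implement the port 80 monitoring control above, as an added example and not Phoenix Contact's own tooling: it runs over constructed flow records and raises an alert when HTTP reaches a coupler from outside an assumed engineering subnet, or when one source opens scanner-like bursts of HTTP connections to a coupler. The coupler addresses, the allowed subnet, the threshold and the record format are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Hypothetical addresses: the bus couplers and the only subnet allowed to reach them on port 80.
COUPLERS = {"10.10.5.21", "10.10.5.22"}
ALLOWED_HTTP_SOURCES = ip_network("10.10.1.0/24")
BURST_THRESHOLD = 5   # connections from one source to one coupler per window (tune per site)
WINDOW_SECONDS = 10

# Constructed flow records, one per TCP connection: "<ISO timestamp> <src> <dst> <dport>"
SAMPLE_FLOWS = """\
2025-05-13T08:00:00 10.10.1.15 10.10.5.21 80
2025-05-13T08:00:01 10.10.1.15 10.10.5.21 80
2025-05-13T08:00:02 10.10.1.15 10.10.5.22 502
2025-05-13T08:00:05 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:05 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:06 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:06 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:07 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:08 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:09 10.10.9.40 10.10.5.21 80
2025-05-13T08:00:30 10.10.1.15 10.10.5.22 80
""".splitlines()

def parse_flow(line):
    """Split one record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_http_anomalies(lines):
    """Return alerts for HTTP to a coupler from outside the allowed subnet and for
    scanner-like bursts (more than BURST_THRESHOLD connections in one window)."""
    alerts = []
    windows = defaultdict(int)      # (src, dst, window bucket) -> connection count
    untrusted_seen, bursts_seen = set(), set()
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dst not in COUPLERS or dport != 80:
            continue                # only HTTP to the couplers is in scope
        if ip_address(src) not in ALLOWED_HTTP_SOURCES and src not in untrusted_seen:
            untrusted_seen.add(src)
            alerts.append({"kind": "untrusted_source", "src": src, "dst": dst})
        bucket = (src, dst, int((ts - datetime(1970, 1, 1)).total_seconds()) // WINDOW_SECONDS)
        windows[bucket] += 1
        if windows[bucket] > BURST_THRESHOLD and (src, dst) not in bursts_seen:
            bursts_seen.add((src, dst))   # alert once per pair, at the first excess
            alerts.append({"kind": "http_burst", "src": src, "dst": dst, "count": windows[bucket]})
    return alerts
```

On the sample, the engineering host's two requests pass silently while 10.10.9.40 triggers both an untrusted-source alert and a burst alert once its sixth connection lands in the same window.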