ICSA-22-172-04  ·  Published 2022-06-21  ·  View on CISA ICS-CERT

Phoenix Contact ProConOS and MULTIPROG

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious code after gaining access to the communication to products utilizing ProConOS/ProConOS eCLR or MULTIPROG.

CVEs (1)

Remediations

  • Industrial controllers based on ProConOS/ProConOS eCLR are typically developed and designed for use in closed industrial networks using a defense-in-depth approach that focuses on network segmentation. In such an approach, the production plant is protected against attacks (especially from outside) by a multi-level perimeter, including firewalls, and by dividing the plant into OT zones. This concept is supported by organizational measures in the production plant as part of a security management system. Achieving this level of security requires measures at all levels.
  • Manufacturers using ProConOS/ProConOS eCLR in automation devices are advised to check their implementation and publish an advisory for their own products.
  • Users of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems should check whether their application requires additional security measures, such as an adequate defense-in-depth network architecture, the use of virtual private networks (VPNs) for remote access, or the use of firewalls for network segmentation or controller isolation. Users should consult the manufacturer's security advisories for device-specific guidance.
  • Users should ensure logic is always transferred and stored in protected environments. This applies to data in transit as well as data at rest.
  • Users should ensure connections between the engineering tools and the controller are located in a locally protected environment or are protected by VPN for remote access.
  • Do not send project data as a file via email or other transfer mechanisms without additional integrity and authenticity checks. Save project data in protected environments only.
  • Generic information and recommendations for security measures to protect network-capable devices can be found in the Application Note.

Affected Vendors

Phoenix Contact

Affected Products (3)

Phoenix Contact · MULTIPROG vers:all/*
Phoenix Contact · ProConOS vers:all/*
Phoenix Contact · ProConOS eCLR vers:all/*

Affected Sectors

Multiple Sectors
