ICSA-23-250-02 · Published 2023-09-07
Phoenix Contact TC ROUTER and TC CLOUD CLIENT
CVSS 9.6 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could result in code execution in the context of the user's browser or cause a denial of service.
CVEs (2)
Remediations
- Phoenix Contact has made the following fixed versions available and encourages users to download the latest version:
  - TC ROUTER 3002T-4G
  - TC ROUTER 3002T-4G ATT
  - TC ROUTER 3002T-4G VZW
  - TC CLOUD CLIENT 1002-4G
  - TC CLOUD CLIENT 1002-4G ATT
  - TC CLOUD CLIENT 1002-4G VZW
  - CLOUD CLIENT 1101T-TX/TX
- Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on their recommendations for measures to protect network-capable devices, please refer to the application note "Measures to protect network-capable devices with Ethernet connection".
- Phoenix Contact published a security advisory.
- CERT@VDE published VDE-2023-017.
Affected Vendors
Phoenix Contact
Affected Products (7)
Phoenix Contact · TC ROUTER 3002T-4G · < 2.07.2
Phoenix Contact · TC ROUTER 3002T-4G ATT · < 2.07.2
Phoenix Contact · TC ROUTER 3002T-4G VZW · < 2.07.2
Phoenix Contact · TC CLOUD CLIENT 1002-4G · < 2.07.2
Phoenix Contact · TC CLOUD CLIENT 1002-4G ATT · < 2.07.2
Phoenix Contact · TC CLOUD CLIENT 1002-4G VZW · < 2.07.2
Phoenix Contact · CLOUD CLIENT 1101T-TX/TX · < 2.06.10
Affected Sectors
Critical Manufacturing