Network kit biz Phoenix takes heat as flaws could leave industrial control system security in ashes | 2/11/2019 | Staff
Nighty (Posted by) Level 3
Click For Photo:

Companies running a popular brand of industrial Ethernet switch are being advised to update their firmware ASAP following a series of bug disclosures.

Security house Positive Technologies took credit today for the discovery of six CVE-listed security vulnerabilities in the Phoenix Contact FL Switch 3xxx, 4xxx, and 48xx industrial control switches. The flaws are addressed in firmware versions 1.35 or newer.

Flaws - Positive - Security - Risks - Devices

Among the now-patched flaws were several Positive described as "critical" security risks that could be exploited to knock vulnerable devices offline or pull off man-in-the-middle attacks.

"Successful exploitation of these weaknesses has the potential to cause disruption, or even total interruption, of ICS operations," Positive Technologies SCADA research analyst Paolo Emiliani said in the company's write-up of the issue.

Attacker - Credentials - Switch - Ports - Failure

"An attacker can intercept user credentials and then re-configure a switch to disable its ports, resulting in failure of network communication between ICS components."

These are particularly serious bugs given where many of the vulnerable network switches are used. Positive says the Contact FL...
(Excerpt) Read more at:
Wake Up To Breaking News!
When will they ever learn?
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!