Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK
BOSCH-SA-645125
Advisory Information
- Advisory ID: BOSCH-SA-645125
-
CVE Numbers and Scores:
-
CVE-2018-16994
- Base Score: 7.5 (High)
-
CVE-2018-16994
- Published: 16 Mar 2020
- Last Updated: 16 Mar 2020
Summary
The S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin [1] about a weakness in the web-based administration interface for managing the device properties. By exploiting the vulnerability, the device can be put into a state in which network queries are no longer answered. To restore the device to a proper state, it must be restarted.
The vulnerability affects all available hardware revisions and all software versions.
Affected Products
- Rexroth S20-ETH-BK
- Rexroth S20-PN-BK+
Solution and Mitigations
Apply DC Security Policy
When using the devices, it is strongly recommended to implement the measures for network segmentation described in the DC Security Policy (see “Security Manual Electric Drives and Controls” [2] ).
Vulnerability Details
CVE-2018-16994
CVE description: An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices. Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
- Problem Type:
-
CVSS Vector String:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Base Score: 7.5 (High)
Remark
Vulnerability classification has been performed using the CVSSv3 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
Additional Resources
- [1] Phoenix Contact Security Advisory for CVE-2018-16994: https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advirory_CVE-2018-16994.pdf
- [2] Security Manual Electric Drives and Controls: https://www.boschrexroth.com/various/utilities/mediadirectory/download/index.jsp?object_nr=R911342562
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .
Revision History
- 16 Mar 2020: Initial Publication