QID 590571

Date Published: 2021-12-23

QID 590571: PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol Multiple Vulnerabilities (ICSA-17-325-01)

AFFECTED PRODUCTS
PHOENIX CONTACT reports that these vulnerabilities affect all versions of the following WLAN capable devices using the WPA2 Protocol:
BL2 BPC,
BL2 PPC,
FL COMSERVER WLAN 232/422/485,
FL WLAN 110x,
FL WLAN 210x,
FL WLAN 510x,
FL WLAN 230 AP 802-11,
FL WLAN 24 AP 802-11,
FL WLAN 24 DAP 802-11,
FL WLAN 24 EC 802-11,
FL WLAN EPA,
FL WLAN SPA,
ITC 8113,
RAD-80211-XD,
RAD-WHG/WLAN-XD,
TPC 6013,
VMT 30xx,
VMT 50xx, and
VMT 70xx.

QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning

Successful exploitation of these vulnerabilities could allow an attacker to operate as a man-in-the-middle between the device and the wireless access point.

  • CVSS V3 rated as High - 6.8 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
    • Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-17-325-01 for affected packages and patching details.

    Vendor References

    CVEs related to QID 590571

    CVE-2017-13080 | CVE-2017-13077 | CVE-2017-13078 |
    Software Advisories
    Advisory ID Software Component Link
    ICSA-17-325-01 URL Logo www.us-cert.gov/ics/advisories/ICSA-17-325-01
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].