You are here

PHOENIX CONTACT Emalytics Controller ILC (ICSA-20-063-02) – Product Used in the Energy Sector

PHOENIX CONTACT Emalytics Controller ILC (ICSA-20-063-02) – Product Used in the Energy Sector

Created: Thursday, March 5, 2020 - 11:05
Categories:
Cybersecurity

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in PHOENIX CONTACT Emalytics Controller ILC. All versions prior to 1.2.3 are affected. Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or stop services. Phoenix Contact strongly recommends affected users update to engineering software Emalytics v1.2.3 or higher and recommission the controllers. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.