PT-2020-8612 · Phoenix Contact+1 · Axl F Bk Eth Xc+4

Published: 2020-02-18 · Updated: 2020-08-24 · CVE-2018-16994

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
PHOENIX CONTACT AXL F BK PN versions 1.0.4 and earlier
PHOENIX CONTACT AXL F BK ETH versions 1.12 and earlier
PHOENIX CONTACT AXL F BK ETH XC versions 1.11 and earlier
Bosch Rexroth S20-ETH-BK (affected versions not specified)
Bosch Rexroth S20-PN-BK+ (affected versions not specified)

Description: The issue allows remote attackers to trigger a complete lock-up of the bus coupler because a request containing non-standard symbols is handled incorrectly. The request does not need to be authenticated.

Recommendations:
For PHOENIX CONTACT AXL F BK PN versions 1.0.4 and earlier, update to a version later than 1.0.4.
For PHOENIX CONTACT AXL F BK ETH versions 1.12 and earlier, update to a version later than 1.12.
For PHOENIX CONTACT AXL F BK ETH XC versions 1.11 and earlier, update to a version later than 1.11.
For Bosch Rexroth S20-ETH-BK and S20-PN-BK+, contact the vendor for specific guidance on updating or mitigating the issue.
As a temporary workaround, consider restricting access to the bus coupler to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2018-16994

Affected Products

Axl F Bk Eth
Axl F Bk Eth Xc
Axl F Bk Pn
S20-Eth-Bk
S20-Pn-Bk+