Vulnerabilities related to phoenixcontact - axc_f_2152_starterkit_firmware
cve-2019-10997
Vulnerability from cvelistv5
Published
2019-06-17 17:59
Modified
2024-08-04 22:40
Severity ?
Summary
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-17T17:59:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-10997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf",
              "refsource": "CONFIRM",
              "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-10997",
    "datePublished": "2019-06-17T17:59:18",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10998
Vulnerability from cvelistv5
Published
2019-06-18 12:10
Modified
2024-08-04 22:40
Severity ?
Summary
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-18T12:10:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-10998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf",
              "refsource": "CONFIRM",
              "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-10998",
    "datePublished": "2019-06-18T12:10:17",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-34570
Vulnerability from cvelistv5
Published
2021-09-27 08:25
Modified
2024-09-16 22:09
Summary
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
References
https://cert.vde.com/en/advisories/VDE-2021-029/ (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
Phoenix Contact AXC F Version: AXC F 1152 (1151412)   < 2021.0.5 LTS
Version: AXC F 2152 (2404267)   < 2021.0.5 LTS
Version: AXC F 3152 (1069208)   < 2021.0.5 LTS
Version: AXC F 2152 Starterkit (1046568)   < 2021.0.5 LTS
   Phoenix Contact RFC Version: RFC 4072S (1051328)   < 2021.0.5 LTS
   Phoenix Contact PLCnext Version: PLCnext Technology Starterkit (1188165)   < 2021.0.5 LTS


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:12:50.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AXC F",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0.5 LTS",
              "status": "affected",
              "version": "AXC F 1152 (1151412)",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.0.5 LTS",
              "status": "affected",
              "version": "AXC F 2152 (2404267)",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.0.5 LTS",
              "status": "affected",
              "version": "AXC F 3152 (1069208)",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.0.5 LTS",
              "status": "affected",
              "version": "AXC F 2152 Starterkit (1046568)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RFC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0.5 LTS",
              "status": "affected",
              "version": "RFC 4072S (1051328)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PLCnext",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0.5 LTS",
              "status": "affected",
              "version": "PLCnext Technology Starterkit (1188165)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.  PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
        }
      ],
      "datePublic": "2021-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-27T08:25:09",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability."
        }
      ],
      "source": {
        "advisory": "VDE-2021-029",
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS",
      "workarounds": [
        {
          "lang": "en",
          "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-08-03T22:00:00.000Z",
          "ID": "CVE-2021-34570",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AXC F",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "AXC F 1152 (1151412)",
                            "version_value": "2021.0.5 LTS"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "AXC F 2152 (2404267)",
                            "version_value": "2021.0.5 LTS"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "AXC F 3152 (1069208)",
                            "version_value": "2021.0.5 LTS"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "AXC F 2152 Starterkit (1046568)",
                            "version_value": "2021.0.5 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RFC",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "RFC 4072S (1051328)",
                            "version_value": "2021.0.5 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PLCnext",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "PLCnext Technology Starterkit (1188165)",
                            "version_value": "2021.0.5 LTS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.  PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-029/",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability."
          }
        ],
        "source": {
          "advisory": "VDE-2021-029",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34570",
    "datePublished": "2021-09-27T08:25:09.502074Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T22:09:31.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2021-09-27 09:15
Modified
2024-11-21 06:10
Summary
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:plcnext_technology_starterkit_firmware:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D3A000A0-3E09-4CC2-B55B-02FF141E9032",
              "versionEndExcluding": "2021.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BDD2FE-0D7C-4868-A5E4-B1004A5C217D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "234711BD-CD61-4A50-9CC7-09619EB68E0B",
              "versionEndExcluding": "2021.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "079A104B-2016-4830-80C1-3AB969106649",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D8AB52B3-C3F7-4900-901D-B90C5D877A9C",
              "versionEndExcluding": "2021.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D4FC9F69-D10F-47AF-A5BA-B7AB46FB3389",
              "versionEndExcluding": "2021.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "17D8F2FA-C7D4-4D79-9356-4E74D7D84133",
              "versionEndExcluding": "2021.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "73852309-933E-476F-865E-BC4B25ABF797",
              "versionEndExcluding": "2021.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples dispositivos de control Phoenix Contact PLCnext en versiones anteriores a 2021.0.5 LTS, son propensos a un ataque DoS mediante peticiones JSON especialmente dise\u00f1adas"
    }
  ],
  "id": "CVE-2021-34570",
  "lastModified": "2024-11-21T06:10:43.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-27T09:15:07.750",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-18 13:15
Modified
2024-11-21 04:20
Summary
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E6AFB5-E010-46E0-9BB6-D373332705F4",
              "versionEndExcluding": "2019.0_lts",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0540D667-F61E-4DEC-A83C-F20EF0CD882D",
              "versionEndExcluding": "2019.0_lts",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "079A104B-2016-4830-80C1-3AB969106649",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en los dispositivos Phoenix Contact AXC F 2152 (No.2404267) anteriores a 2019.0 LTS y AXC F 2152 STARTERKIT (No.1046568) anteriores a 2019.0 LTS. El acceso f\u00edsico ilimitado al PLC puede conducir a una manipulaci\u00f3n de los datos de las tarjetas SD. La manipulaci\u00f3n de la tarjeta SD puede dar lugar a una oportunidad de omisi\u00f3n de autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2019-10998",
  "lastModified": "2024-11-21T04:20:19.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-18T13:15:10.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-17 18:15
Modified
2024-11-21 04:20
Summary
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E6AFB5-E010-46E0-9BB6-D373332705F4",
              "versionEndExcluding": "2019.0_lts",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0540D667-F61E-4DEC-A83C-F20EF0CD882D",
              "versionEndExcluding": "2019.0_lts",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "079A104B-2016-4830-80C1-3AB969106649",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en los dispositivos Phoenix Contact AXC F 2152 (No.2404267) anteriores a 2019.0 LTS y AXC F 2152 STARTERKIT (No.1046568) anteriores a 2019.0 LTS. El fuzzing de protocolo sobre PC WORX Engineer realizado por un atacante de tipo man-in-the-middle detiene el servicio de PLC. El dispositivo debe reiniciarse, o el servicio de PLC debe reiniciarse manualmente a trav\u00e9s de un shell de Linux."
    }
  ],
  "id": "CVE-2019-10997",
  "lastModified": "2024-11-21T04:20:19.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-17T18:15:10.703",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}