CVE-2014-9195

Опубликовано: 17 янв. 2015

Источник: nvd

CVSS2: 10

CVSS2: 7.5

EPSS Высокий

Описание

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-03
https://www.exploit-db.com/exploits/37066/
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-03
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/37066/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:*:*:*:*

cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:express:*:*:*

cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:pro\+:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:single_chip:*:*:*

cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:softplc:*:*:*

cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:visual_studio:*:*:*

EPSS

Процентиль: 99%

0.82494

Высокий

10 Critical

CVSS2

7.5 High

CVSS2

Дефекты

CWE-306

CWE-255

Связанные уязвимости

GHSA-qp5x-q9h8-gxm5

github

больше 3 лет назад

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

EPSS

Процентиль: 99%

0.82494

Высокий

10 Critical

CVSS2

7.5 High

CVSS2

Дефекты

CWE-306

CWE-255