CVE-2018-16994

Опубликовано: 18 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:phoenixcontact:axl_f_bk_pn_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.4 (включая)

cpe:2.3:h:phoenixcontact:axl_f_bk_pn:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:phoenixcontact:axl_f_bk_eth_firmware:*:*:*:*:*:*:*:*

Версия до 1.12 (включая)

cpe:2.3:h:phoenixcontact:axl_f_bk_eth:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:phoenixcontact:axl_f_bk_eth_xc_firmware:*:*:*:*:*:*:*:*

Версия до 1.11 (включая)

cpe:2.3:h:phoenixcontact:axl_f_bk_eth_xc:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00873

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fjq9-2cmr-75cm

github

больше 3 лет назад

An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices. Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

EPSS

Процентиль: 75%

0.00873

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-noinfo