CVE-2019-10997

Опубликовано: 17 июн. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 7.1

EPSS Низкий

Описание

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.

Ссылки

https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf
Mitigation
Vendor Advisory
https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*

Версия до 2019.0_lts (исключая)

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:*:*:*:*

Версия до 2019.0_lts (исключая)

cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00345

Низкий

5.9 Medium

CVSS3

7.1 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-644p-jwhv-rxr7