Search criteria
9 vulnerabilities found for axc_f_1152_firmware by phoenixcontact
FKIE_CVE-2023-46144
Vulnerability from fkie_nvd - Published: 2023-12-14 14:15 - Updated: 2024-11-21 08:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C72F7B2-43D1-43CB-B611-B57487E9AE53",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA16E9E-ADBB-4943-AE2D-7C49F882A809",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E28DCF3B-C26E-44BE-BCA1-0AED56326FC3",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A97B1250-2830-4EFC-9393-DF96E129E16D",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "346E85EB-8800-40C7-A7DA-EA587CF90F08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E7E962-9BA0-418B-8A43-541C5278C9ED",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85AF0A71-02C4-4CFF-A820-5C326F066024",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3671BE8-A1DE-444E-9A24-5C86E4F0BBF1",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD531B6-09DA-4B4A-AA7C-C2A54B089C67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A5C5E9-4F2C-44BC-8B64-29D25C789643",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1D89DD-1717-4E84-8A33-82AA29594E7D",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65D9C540-F273-4EA8-8FF6-95DF46B01D89",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E633B5AB-BD27-461D-8083-20CC1C768D34",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
},
{
"lang": "es",
"value": "Una descarga de c\u00f3digo sin vulnerabilidad de verificaci\u00f3n de integridad en los productos PLCnext permite que un atacante remoto con privilegios bajos comprometa la integridad de la estaci\u00f3n de ingenier\u00eda afectada y los dispositivos conectados."
}
],
"id": "CVE-2023-46144",
"lastModified": "2024-11-21T08:27:58.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-12-14T14:15:43.447",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Broken Link"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-46142
Vulnerability from fkie_nvd - Published: 2023-12-14 14:15 - Updated: 2024-11-21 08:27
Severity ?
Summary
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C72F7B2-43D1-43CB-B611-B57487E9AE53",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA16E9E-ADBB-4943-AE2D-7C49F882A809",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E28DCF3B-C26E-44BE-BCA1-0AED56326FC3",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A97B1250-2830-4EFC-9393-DF96E129E16D",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "346E85EB-8800-40C7-A7DA-EA587CF90F08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E7E962-9BA0-418B-8A43-541C5278C9ED",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85AF0A71-02C4-4CFF-A820-5C326F066024",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3671BE8-A1DE-444E-9A24-5C86E4F0BBF1",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD531B6-09DA-4B4A-AA7C-C2A54B089C67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A5C5E9-4F2C-44BC-8B64-29D25C789643",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1D89DD-1717-4E84-8A33-82AA29594E7D",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65D9C540-F273-4EA8-8FF6-95DF46B01D89",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E633B5AB-BD27-461D-8083-20CC1C768D34",
"versionEndIncluding": "2024.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
},
{
"lang": "es",
"value": "Una asignaci\u00f3n de permiso incorrecta para una vulnerabilidad de recursos cr\u00edticos en los productos PLCnext permite que un atacante remoto con privilegios bajos obtenga acceso completo a los dispositivos afectados."
}
],
"id": "CVE-2023-46142",
"lastModified": "2024-11-21T08:27:58.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2023-12-14T14:15:42.983",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Broken Link"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-34570
Vulnerability from fkie_nvd - Published: 2021-09-27 09:15 - Updated: 2024-11-21 06:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-029/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-029/ | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:plcnext_technology_starterkit_firmware:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D3A000A0-3E09-4CC2-B55B-02FF141E9032",
"versionEndExcluding": "2021.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BDD2FE-0D7C-4868-A5E4-B1004A5C217D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "234711BD-CD61-4A50-9CC7-09619EB68E0B",
"versionEndExcluding": "2021.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079A104B-2016-4830-80C1-3AB969106649",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D8AB52B3-C3F7-4900-901D-B90C5D877A9C",
"versionEndExcluding": "2021.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "D4FC9F69-D10F-47AF-A5BA-B7AB46FB3389",
"versionEndExcluding": "2021.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "17D8F2FA-C7D4-4D79-9356-4E74D7D84133",
"versionEndExcluding": "2021.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "73852309-933E-476F-865E-BC4B25ABF797",
"versionEndExcluding": "2021.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
},
{
"lang": "es",
"value": "M\u00faltiples dispositivos de control Phoenix Contact PLCnext en versiones anteriores a 2021.0.5 LTS, son propensos a un ataque DoS mediante peticiones JSON especialmente dise\u00f1adas"
}
],
"id": "CVE-2021-34570",
"lastModified": "2024-11-21T06:10:43.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-27T09:15:07.750",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
CVE-2023-46144 (GCVE-0-2023-46144)
Vulnerability from cvelistv5 – Published: 2023-12-14 14:08 – Updated: 2024-10-01 06:18
VLAI?
Summary
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
Severity ?
6.5 (Medium)
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PHOENIX CONTACT | AXC F 1152 |
Affected:
0 , ≤ 2024.0
(semver)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Reid Wightman of Dragos, Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1502",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T06:18:18.730Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"source": {
"advisory": "VDE-2023-058",
"defect": [
"CERT@VDE#64611"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46144",
"datePublished": "2023-12-14T14:08:07.244Z",
"dateReserved": "2023-10-17T07:04:03.577Z",
"dateUpdated": "2024-10-01T06:18:18.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46142 (GCVE-0-2023-46142)
Vulnerability from cvelistv5 – Published: 2023-12-14 14:05 – Updated: 2024-08-02 20:37
VLAI?
Summary
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PHOENIX CONTACT | AXC F 1152 |
Affected:
0 , ≤ 2024.0
(semver)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Reid Wightman of Dragos, Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1502",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:05:35.741Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"source": {
"advisory": "VDE-2023-056",
"defect": [
"CERT@VDE#64609"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46142",
"datePublished": "2023-12-14T14:05:35.741Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34570 (GCVE-0-2021-34570)
Vulnerability from cvelistv5 – Published: 2021-09-27 08:25 – Updated: 2024-09-16 22:09
VLAI?
Summary
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | AXC F |
Affected:
AXC F 1152 (1151412) , < 2021.0.5 LTS
(custom)
Affected: AXC F 2152 (2404267) , < 2021.0.5 LTS (custom) Affected: AXC F 3152 (1069208) , < 2021.0.5 LTS (custom) Affected: AXC F 2152 Starterkit (1046568) , < 2021.0.5 LTS (custom) |
||||||||||||
|
||||||||||||||
Credits
The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AXC F",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 1152 (1151412)",
"versionType": "custom"
},
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 2152 (2404267)",
"versionType": "custom"
},
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 3152 (1069208)",
"versionType": "custom"
},
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 2152 Starterkit (1046568)",
"versionType": "custom"
}
]
},
{
"product": "RFC",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "RFC 4072S (1051328)",
"versionType": "custom"
}
]
},
{
"product": "PLCnext",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "PLCnext Technology Starterkit (1188165)",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
}
],
"datePublic": "2021-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T08:25:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
],
"solutions": [
{
"lang": "en",
"value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2021-029",
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS",
"workarounds": [
{
"lang": "en",
"value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-03T22:00:00.000Z",
"ID": "CVE-2021-34570",
"STATE": "PUBLIC",
"TITLE": "Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AXC F",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "AXC F 1152 (1151412)",
"version_value": "2021.0.5 LTS"
},
{
"version_affected": "\u003c",
"version_name": "AXC F 2152 (2404267)",
"version_value": "2021.0.5 LTS"
},
{
"version_affected": "\u003c",
"version_name": "AXC F 3152 (1069208)",
"version_value": "2021.0.5 LTS"
},
{
"version_affected": "\u003c",
"version_name": "AXC F 2152 Starterkit (1046568)",
"version_value": "2021.0.5 LTS"
}
]
}
},
{
"product_name": "RFC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "RFC 4072S (1051328)",
"version_value": "2021.0.5 LTS"
}
]
}
},
{
"product_name": "PLCnext",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "PLCnext Technology Starterkit (1188165)",
"version_value": "2021.0.5 LTS"
}
]
}
}
]
},
"vendor_name": "Phoenix Contact"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2021-029",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34570",
"datePublished": "2021-09-27T08:25:09.502074Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:09:31.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46144 (GCVE-0-2023-46144)
Vulnerability from nvd – Published: 2023-12-14 14:08 – Updated: 2024-10-01 06:18
VLAI?
Summary
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
Severity ?
6.5 (Medium)
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PHOENIX CONTACT | AXC F 1152 |
Affected:
0 , ≤ 2024.0
(semver)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Reid Wightman of Dragos, Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1502",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T06:18:18.730Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"source": {
"advisory": "VDE-2023-058",
"defect": [
"CERT@VDE#64611"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46144",
"datePublished": "2023-12-14T14:08:07.244Z",
"dateReserved": "2023-10-17T07:04:03.577Z",
"dateUpdated": "2024-10-01T06:18:18.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46142 (GCVE-0-2023-46142)
Vulnerability from nvd – Published: 2023-12-14 14:05 – Updated: 2024-08-02 20:37
VLAI?
Summary
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PHOENIX CONTACT | AXC F 1152 |
Affected:
0 , ≤ 2024.0
(semver)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Reid Wightman of Dragos, Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1502",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:05:35.741Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"source": {
"advisory": "VDE-2023-056",
"defect": [
"CERT@VDE#64609"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46142",
"datePublished": "2023-12-14T14:05:35.741Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34570 (GCVE-0-2021-34570)
Vulnerability from nvd – Published: 2021-09-27 08:25 – Updated: 2024-09-16 22:09
VLAI?
Summary
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | AXC F |
Affected:
AXC F 1152 (1151412) , < 2021.0.5 LTS
(custom)
Affected: AXC F 2152 (2404267) , < 2021.0.5 LTS (custom) Affected: AXC F 3152 (1069208) , < 2021.0.5 LTS (custom) Affected: AXC F 2152 Starterkit (1046568) , < 2021.0.5 LTS (custom) |
||||||||||||
|
||||||||||||||
Credits
The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AXC F",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 1152 (1151412)",
"versionType": "custom"
},
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 2152 (2404267)",
"versionType": "custom"
},
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 3152 (1069208)",
"versionType": "custom"
},
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "AXC F 2152 Starterkit (1046568)",
"versionType": "custom"
}
]
},
{
"product": "RFC",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "RFC 4072S (1051328)",
"versionType": "custom"
}
]
},
{
"product": "PLCnext",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "2021.0.5 LTS",
"status": "affected",
"version": "PLCnext Technology Starterkit (1188165)",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
}
],
"datePublic": "2021-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T08:25:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
],
"solutions": [
{
"lang": "en",
"value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2021-029",
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS",
"workarounds": [
{
"lang": "en",
"value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-03T22:00:00.000Z",
"ID": "CVE-2021-34570",
"STATE": "PUBLIC",
"TITLE": "Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AXC F",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "AXC F 1152 (1151412)",
"version_value": "2021.0.5 LTS"
},
{
"version_affected": "\u003c",
"version_name": "AXC F 2152 (2404267)",
"version_value": "2021.0.5 LTS"
},
{
"version_affected": "\u003c",
"version_name": "AXC F 3152 (1069208)",
"version_value": "2021.0.5 LTS"
},
{
"version_affected": "\u003c",
"version_name": "AXC F 2152 Starterkit (1046568)",
"version_value": "2021.0.5 LTS"
}
]
}
},
{
"product_name": "RFC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "RFC 4072S (1051328)",
"version_value": "2021.0.5 LTS"
}
]
}
},
{
"product_name": "PLCnext",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "PLCnext Technology Starterkit (1188165)",
"version_value": "2021.0.5 LTS"
}
]
}
}
]
},
"vendor_name": "Phoenix Contact"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-029/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2021-029",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34570",
"datePublished": "2021-09-27T08:25:09.502074Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:09:31.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}