CVE-2020-12518 (GCVE-0-2020-12518)

Vulnerability from cvelistv5 – Published: 2020-12-17 22:43 – Updated: 2024-09-17 01:50
VLAI?
Title
Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
Summary
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Phoenix Contact AXC F 1152 (1151412) Affected: unspecified , < 2021.0 LTS (custom)
Create a notification for this product.
Credits
Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AXC F 1152 (1151412)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0 LTS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "AXC F 2152 (2404267)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0 LTS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "AXC F 3152 (1069208)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0 LTS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RFC 4072S (1051328",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0 LTS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "AXC F 2152 Starterkit (1046568)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0 LTS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PLCnext Technology Starterkit (1188165)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "2021.0 LTS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-17T22:43:14",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities."
        }
      ],
      "source": {
        "advisory": "VDE-2020-049",
        "defect": [
          "VDE-2020-049"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.",
      "workarounds": [
        {
          "lang": "en",
          "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
          "ID": "CVE-2020-12518",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AXC F 1152 (1151412)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "2021.0 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AXC F 2152 (2404267)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "2021.0 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AXC F 3152 (1069208)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "2021.0 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RFC 4072S (1051328",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "2021.0 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AXC F 2152 Starterkit (1046568)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "2021.0 LTS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PLCnext Technology Starterkit (1188165)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "2021.0 LTS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-049",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities."
          }
        ],
        "source": {
          "advisory": "VDE-2020-049",
          "defect": [
            "VDE-2020-049"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12518",
    "datePublished": "2020-12-17T22:43:14.453367Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-17T01:50:39.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\", \"versionEndExcluding\": \"2021.0\", \"matchCriteriaId\": \"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2474BD7-C447-4E07-A628-C729E376943D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\", \"versionEndExcluding\": \"2021.0\", \"matchCriteriaId\": \"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE2E6118-6587-444A-A143-9C3A1E6ED4FD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\", \"versionEndExcluding\": \"2021.0\", \"matchCriteriaId\": \"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57424998-4EAB-4682-BFC4-1D2A621514F4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\", \"versionEndExcluding\": \"2021.0\", \"matchCriteriaId\": \"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\", \"versionEndExcluding\": \"2021.0\", \"matchCriteriaId\": \"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"079A104B-2016-4830-80C1-3AB969106649\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\", \"versionEndExcluding\": \"2021.0\", \"matchCriteriaId\": \"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12BDD2FE-0D7C-4868-A5E4-B1004A5C217D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.\"}, {\"lang\": \"es\", \"value\": \"En Phoenix Contact PLCnext Control Devices versiones anteriores a 2021.0 LTS, un atacante puede utilizar los conocimientos adquiridos al leer la informaci\\u00f3n confidencial que no est\\u00e1 suficientemente protegida para planificar futuros ataques\"}]",
      "id": "CVE-2020-12518",
      "lastModified": "2024-11-21T04:59:51.163",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-17T23:15:12.983",
      "references": "[{\"url\": \"https://cert.vde.com/en-us/advisories/vde-2020-049\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en-us/advisories/vde-2020-049\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-12518\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2020-12-17T23:15:12.983\",\"lastModified\":\"2024-11-21T04:59:51.163\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.\"},{\"lang\":\"es\",\"value\":\"En Phoenix Contact PLCnext Control Devices versiones anteriores a 2021.0 LTS, un atacante puede utilizar los conocimientos adquiridos al leer la informaci\u00f3n confidencial que no est\u00e1 suficientemente protegida para planificar futuros ataques\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"2021.0\",\"matchCriteriaId\":\"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2474BD7-C447-4E07-A628-C729E376943D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"2021.0\",\"matchCriteriaId\":\"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE2E6118-6587-444A-A143-9C3A1E6ED4FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"2021.0\",\"matchCriteriaId\":\"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57424998-4EAB-4682-BFC4-1D2A621514F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"2021.0\",\"matchCriteriaId\":\"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"2021.0\",\"matchCriteriaId\":\"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"079A104B-2016-4830-80C1-3AB969106649\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*\",\"versionEndExcluding\":\"2021.0\",\"matchCriteriaId\":\"8233F8C3-5D10-4FD6-B192-39535B7B464C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BDD2FE-0D7C-4868-A5E4-B1004A5C217D\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-049\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.