FKIE_CVE-2020-9435

Vulnerability from fkie_nvd - Published: 2020-03-12 14:15 - Updated: 2024-11-21 05:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation.
References
cve@mitre.orghttp://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.htmlExploit, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2020/Mar/15Exploit, Third Party Advisory
cve@mitre.orghttps://cert.vde.com/en-us/advisories/Third Party Advisory
cve@mitre.orghttps://cert.vde.com/en-us/advisories/vde-2020-003Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2020/Mar/15Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2020-003Third Party Advisory
Impacted products
Vendor Product Version
phoenixcontact tc_router_3002t-4g_firmware *
phoenixcontact tc_router_3002t-4g -
phoenixcontact tc_router_2002t-3g_firmware *
phoenixcontact tc_router_2002t-3g -
phoenixcontact tc_router_3002t-4g_vzw_firmware *
phoenixcontact tc_router_3002t-4g_vzw -
phoenixcontact tc_router_3002t-4g_att_firmware *
phoenixcontact tc_router_3002t-4g_att -
phoenixcontact tc_cloud_client_1002-4g_firmware *
phoenixcontact tc_cloud_client_1002-4g -
phoenixcontact tc_cloud_client_1002-txtx_firmware *
phoenixcontact tc_cloud_client_1002-txtx -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E46423-DD39-4CC3-8F01-4197F96F198F",
              "versionEndIncluding": "2.05.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:tc_router_3002t-4g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34273B74-2964-4DDF-B464-6D312528366B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:tc_router_2002t-3g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "151B6B99-65C3-4383-A420-E6D16E033176",
              "versionEndIncluding": "2.05.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:tc_router_2002t-3g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48CC1B25-5F26-4FE5-ABFD-A82BED8B8C93",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_vzw_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C40123-D686-4816-9D2C-E55F64D19E6C",
              "versionEndIncluding": "2.05.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:tc_router_3002t-4g_vzw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA9B96D9-DBCD-4858-94B1-CFE5AF2DD35E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_att_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0433B02A-59BA-4DEA-881B-94F653B6F181",
              "versionEndIncluding": "2.05.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:tc_router_3002t-4g_att:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C2CB341-1DD5-4A74-A6D4-5AA7F01E50BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73E3ABC-1897-49E7-9B80-35E787CD0AD9",
              "versionEndIncluding": "2.03.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42AB40F-8156-4C5C-86DC-8F10E6C70F4D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-txtx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9F99AC-E317-4AC7-8AEF-F268ABFE0A49",
              "versionEndIncluding": "1.03.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-txtx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B29F8CCF-9CF2-4227-AF2C-84218F1C19E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation."
    },
    {
      "lang": "es",
      "value": "PHOENIX CONTACT TC ROUTER 3002T-4G versiones hasta 2.05.3, TC ROUTER 2002T-3G versiones hasta 2.05.3, TC ROUTER 3002T-4G VZW versiones hasta 2.05.3, TC ROUTER 3002T-4G ATT versiones hasta 2.05.3, TC CLOUD CLIENTE 1002-4G versiones hasta 2.03.17, y los dispositivos TC CLOUD CLIENTE 1002-TXTX versiones hasta 1.03.17, contienen un certificado embebido (y clave) que es usado por defecto para los servicios basados ??en web en el dispositivo. Los ataques de suplantaci\u00f3n, de tipo man-in-the-middle o de descifrado pasivo son posibles si el certificado gen\u00e9rico no es reemplazado por un certificado espec\u00edfico del dispositivo durante la instalaci\u00f3n."
    }
  ],
  "id": "CVE-2020-9435",
  "lastModified": "2024-11-21T05:40:38.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-12T14:15:21.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Mar/15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Mar/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-003"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.