VAR-201804-0082
Vulnerability from variot - Updated: 2023-12-18 13:08The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. Phoenix Contact ILC PLC is prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ilc plcs",
"scope": "eq",
"trust": 1.6,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "ilc programmable logic controller",
"scope": null,
"trust": 0.8,
"vendor": "phoenix contact",
"version": null
},
{
"model": "contact ilc plc",
"scope": null,
"trust": 0.6,
"vendor": "phoenix",
"version": null
},
{
"model": "contact ilc plc",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ilc plcs",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:ilc_plcs_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:ilc_plcs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8380"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg.",
"sources": [
{
"db": "BID",
"id": "94163"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8380",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8380",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10997",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97200",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8380",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8380",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-10997",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-315",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97200",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "VULHUB",
"id": "VHN-97200"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. Phoenix Contact ILC PLC is prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "VULHUB",
"id": "VHN-97200"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-97200",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97200"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8380",
"trust": 3.6
},
{
"db": "BID",
"id": "94163",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "45590",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10997",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006",
"trust": 0.8
},
{
"db": "IVD",
"id": "98950ED2-7AEC-4D4D-BB48-4C87EDDBF7EE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97200",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "VULHUB",
"id": "VHN-97200"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"id": "VAR-201804-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "VULHUB",
"id": "VHN-97200"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
}
]
},
"last_update_date": "2023-12-18T13:08:31.787000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/jp?1dmy\u0026urile=wcm%3apath%3a/jpja/web/home"
},
{
"title": "Phoenix Contact ILC Security Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83812"
},
{
"title": "Phoenix Contact ILC PLC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65683"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97200"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "NVD",
"id": "CVE-2016-8380"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-313-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94163"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45590/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8380"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8380"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "VULHUB",
"id": "VHN-97200"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"db": "VULHUB",
"id": "VHN-97200"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97200"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94163"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"date": "2018-04-05T16:29:00.330000",
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"date": "2016-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10997"
},
{
"date": "2018-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-97200"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94163"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009006"
},
{
"date": "2018-10-14T10:29:00.973000",
"db": "NVD",
"id": "CVE-2016-8380"
},
{
"date": "2018-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Phoenix Contact ILC Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "98950ed2-7aec-4d4d-bb48-4c87eddbf7ee"
},
{
"db": "CNVD",
"id": "CNVD-2016-10997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-315"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…