var-201906-1031
Vulnerability from variot
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to manipulation of SD card data. SD card manipulation may lead to an authentication bypass opportunity. Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Phoenix Contact PLCNext AXC F 2152 is a programmable logic controller from Phoenix Contact, Germany. The device is reported to be affected by the following issues: 1. An information-disclosure vulnerability. 2. An authentication-bypass vulnerability. 3. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, perform unauthorized actions and crash the service, denying service to legitimate users. Per the NVD scoring in the record below, exploitation requires physical access to the device (CVSS v3 attack vector: Physical).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1031", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "axc f 2152 starterkit", "scope": "lt", "trust": 1.0, "vendor": "phoenixcontact", "version": "2019.0_lts" }, { "model": "axc f 2152", "scope": "lt", "trust": 1.0, "vendor": "phoenixcontact", "version": "2019.0_lts" }, { "model": "axc f 2152 starterkit", 
"scope": "lt", "trust": 0.8, "vendor": "phoenix contact", "version": "2019.0 lts" }, { "model": "axc f 2152", "scope": "lt", "trust": 0.8, "vendor": "phoenix contact", "version": "2019.0 lts" }, { "model": "contact plcnext axc f", "scope": "eq", "trust": 0.6, "vendor": "phoenix", "version": "21521.*" }, { "model": "contact axc f starterkit", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "21521.x" }, { "model": "contact axc f", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "21521.x" }, { "model": "contact axc f starterkit lts", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "21522019.0" }, { "model": "contact axc f lts", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "21522019.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": "BID", "id": "108688" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "NVD", "id": "CVE-2019-10998" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.0_lts", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.0_lts", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-10998" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zahra Khani of Firmalyzer and OPC Foundation.", "sources": [ { "db": "BID", "id": "108688" } ], "trust": 0.3 }, "cve": "CVE-2019-10998", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-10998", "impactScore": null, "integrityImpact": "Partial", 
"obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2020-02972", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Physical", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.8, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10998", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-10998", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2020-02972", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201906-092", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "NVD", "id": "CVE-2019-10998" }, { "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "description": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Phoenix Contact PLCNext AXC F 2152 is a programmable logic controller from Phoenix Contact, Germany. An information-disclosure vulnerability. \n2. An authentication-bypass vulnerability. \n3. A denial-of-service vulnerability. \nAttackers can exploit these issues to bypass the authentication process, obtain sensitive information, perform unauthorized actions and crash the service, denying service to legitimate users", "sources": [ { "db": "NVD", "id": "CVE-2019-10998" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": "BID", "id": "108688" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10998", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-19-155-01", "trust": 2.3 }, { "db": "BID", "id": "108688", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2019-005605", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-02972", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201906-092", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": 
"BID", "id": "108688" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "NVD", "id": "CVE-2019-10998" }, { "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "id": "VAR-201906-1031", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" } ] }, "last_update_date": "2023-12-18T13:18:41.819000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "VDE-2019-009", "trust": 0.8, "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/security_advisory_axc_f_2152_fw.pdf" }, { "title": "Patch for Phoenix Contact PLCNext AXC F 2152 Authorization Issue Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/198329" }, { "title": "Phoenix Contact PLCNext AXC F 2152 Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93181" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"problemtype": "CWE-287", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "NVD", "id": "CVE-2019-10998" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/security_advisory_axc_f_2152_fw.pdf" }, { "trust": 1.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10998" }, { "trust": 0.9, "url": "https://www.phoenixcontact.com/online/portal/pc/pxc/offcontext/insite_landing_page/!ut/p/z1/xzrrt4mwfiv_dy_kdtc19zhgsowfudkn0bdsogb1fobi0h8v00czwczevjrnzjn33jb9gemixiuzkksjki0o3tnijgbw2l0t8cxnlm-hlvus" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10998" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-01" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/108688" }, { "trust": 0.3, "url": "https://www.phoenixcontact.com/online/portal/pc" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": "BID", "id": "108688" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "NVD", "id": "CVE-2019-10998" }, { "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-02972" }, { "db": "BID", "id": "108688" }, { "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "db": "NVD", "id": "CVE-2019-10998" }, { "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-21T00:00:00", "db": 
"CNVD", "id": "CNVD-2020-02972" }, { "date": "2019-06-04T00:00:00", "db": "BID", "id": "108688" }, { "date": "2019-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "date": "2019-06-18T13:15:10.707000", "db": "NVD", "id": "CVE-2019-10998" }, { "date": "2019-06-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-02972" }, { "date": "2019-06-04T00:00:00", "db": "BID", "id": "108688" }, { "date": "2019-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005605" }, { "date": "2019-06-20T20:15:57.857000", "db": "NVD", "id": "CVE-2019-10998" }, { "date": "2019-07-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-092" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-092" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT Authentication vulnerabilities in devices", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005605" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-092" } ], "trust": 0.6 } }
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.