VDE-2020-013

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2020-03-27 09:48 - Updated: 2020-03-27 09:48
Summary
PHOENIX CONTACT: Local Privilege Escalation in Portico Remote desktop control software
Notes
Summary: If the software runs as a service, a user with limited access can gain administrator privileges by starting a shell with administrator rights from the Import / Export configuration dialog.
Impact: A malicious user could use this vulnerability to gain administrator privileges on the Computer running the Portico software.
Remediation: Phoenix Contact strongly recommends users to upgrade to Portico V3.0.8 or higher which fixes this vulnerability. The current version of Portico is available on the Phoenix Contact website external link. Phoenix Contact strongly recommends protection measures against unauthorized access for network-compatible devices, solutions and PC-based software. For detailed information please refer to our application note: Measures to protect network-compatible devices with communication interfaces, solutions and PC-based software against unauthorized access external link
CVE-2020-10940

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-269 - Improper Privilege Management
Vendor Fix Phoenix Contact strongly recommends users to upgrade to Portico V3.0.8 or higher which fixes this vulnerability. The current version of Portico is available on the Phoenix Contact website external link. Phoenix Contact strongly recommends protection measures against unauthorized access for network-compatible devices, solutions and PC-based software. For detailed information please refer to our application note: Measures to protect network-compatible devices with communication interfaces, solutions and PC-based software against unauthorized access external link
References
Acknowledgments
CERT@VDE
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "If the software runs as a service, a user with limited access can gain administrator privileges by starting a shell with administrator rights from the Import / Export configuration dialog.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "A malicious user could use this vulnerability to gain administrator privileges on the Computer running the Portico software.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Phoenix Contact strongly recommends users to upgrade to Portico V3.0.8 or higher which fixes this vulnerability. The current version of Portico is available on the Phoenix Contact website external link.\n\nPhoenix Contact strongly recommends protection measures against unauthorized access for network-compatible devices, solutions and PC-based software. For detailed information please refer to our application note:\n\nMeasures to protect network-compatible devices with communication interfaces, solutions and PC-based software against unauthorized access external link",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-013: PHOENIX CONTACT: Local Privilege Escalation in Portico Remote desktop control software - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2020-013/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-013: PHOENIX CONTACT: Local Privilege Escalation in Portico Remote desktop control software - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-013.json"
      }
    ],
    "title": "PHOENIX CONTACT: Local Privilege Escalation in Portico Remote desktop control software",
    "tracking": {
      "aliases": [
        "VDE-2020-013"
      ],
      "current_release_date": "2020-03-27T09:48:00.000Z",
      "generator": {
        "date": "2025-03-19T11:18:52.367Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.21"
        }
      },
      "id": "VDE-2020-013",
      "initial_release_date": "2020-03-27T09:48:00.000Z",
      "revision_history": [
        {
          "date": "2020-03-27T09:48:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=3.0.7",
                    "product": {
                      "name": "Software PORTICO SERVER 16 CLIENT \u003c=3.0.7",
                      "product_id": "CSAFPID-21001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "V3.0.8",
                    "product": {
                      "name": "PORTICO SERVER 16 CLIENT V3.0.8",
                      "product_id": "CSAFPID-22001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PORTICO SERVER 16 CLIENT"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=3.0.7",
                    "product": {
                      "name": "Software PORTICO SERVER 1 CLIENT \u003c=3.0.7",
                      "product_id": "CSAFPID-21002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "V3.0.8",
                    "product": {
                      "name": "PORTICO SERVER 1 CLIENT V3.0.8",
                      "product_id": "CSAFPID-22002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PORTICO SERVER 1 CLIENT"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=3.0.7",
                    "product": {
                      "name": "PORTICO SERVER 4 CLIENT \u003c=3.0.7",
                      "product_id": "CSAFPID-21003"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "V3.0.8",
                    "product": {
                      "name": "PORTICO SERVER 4 CLIENT V3.0.8",
                      "product_id": "CSAFPID-22003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PORTICO SERVER 4 CLIENT"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "PHOENIX CONTACT"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-21001",
          "CSAFPID-21002",
          "CSAFPID-21003"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-22001",
          "CSAFPID-22002",
          "CSAFPID-22003"
        ],
        "summary": "Fixed products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-10940",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-22001",
          "CSAFPID-22002",
          "CSAFPID-22003"
        ],
        "known_affected": [
          "CSAFPID-21001",
          "CSAFPID-21002",
          "CSAFPID-21003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact strongly recommends users to upgrade to Portico V3.0.8 or higher which fixes this vulnerability. The current version of Portico is available on the Phoenix Contact website external link.\n\nPhoenix Contact strongly recommends protection measures against unauthorized access for network-compatible devices, solutions and PC-based software. For detailed information please refer to our application note:\n\nMeasures to protect network-compatible devices with communication interfaces, solutions and PC-based software against unauthorized access external link",
          "product_ids": [
            "CSAFPID-21001",
            "CSAFPID-21002",
            "CSAFPID-21003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-21001",
            "CSAFPID-21002",
            "CSAFPID-21003"
          ]
        }
      ],
      "title": "CVE-2020-10940"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.