Vulnerabilites related to PHOENIX CONTACT - AXC F 2152
CVE-2025-41666 (GCVE-0-2025-41666)
Vulnerability from cvelistv5
Published
2025-07-08 07:03
Modified
2025-07-08 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | AXC F 1152 |
Version: 0 ≤ |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:23:28.624235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:28:36.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized."
}
],
"value": "A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T07:03:38.410Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-054"
}
],
"source": {
"advisory": "VDE-2025-054",
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: File access due to the replacement of a critical file used by the watchdog",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41666",
"datePublished": "2025-07-08T07:03:38.410Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-07-08T14:28:36.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41665 (GCVE-0-2025-41665)
Vulnerability from cvelistv5
Published
2025-07-08 07:03
Modified
2025-07-08 14:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | AXC F 1152 |
Version: 0 ≤ |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:09:53.864838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:10:19.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.\u003c/p\u003e"
}
],
"value": "An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T07:03:26.147Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-054"
}
],
"source": {
"advisory": "VDE-2025-054",
"defect": [
"CERT@VDE#641795"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: DoS of the PLC due to incorrect default permissions possible",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41665",
"datePublished": "2025-07-08T07:03:26.147Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-07-08T14:10:19.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41667 (GCVE-0-2025-41667)
Vulnerability from cvelistv5
Published
2025-07-08 07:03
Modified
2025-07-08 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | AXC F 1152 |
Version: 0 ≤ |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:23:25.430004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:28:29.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device."
}
],
"value": "A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T07:04:06.715Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-054"
}
],
"source": {
"advisory": "VDE-2025-054",
"defect": [
"CERT@VDE#641795"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41667",
"datePublished": "2025-07-08T07:03:50.761Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-07-08T14:28:29.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46142 (GCVE-0-2023-46142)
Vulnerability from cvelistv5
Published
2023-12-14 14:05
Modified
2024-08-02 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | AXC F 1152 |
Version: 0 ≤ 2024.0 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1502",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:05:35.741Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"source": {
"advisory": "VDE-2023-056",
"defect": [
"CERT@VDE#64609"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46142",
"datePublished": "2023-12-14T14:05:35.741Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41668 (GCVE-0-2025-41668)
Vulnerability from cvelistv5
Published
2025-07-08 07:04
Modified
2025-07-08 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | AXC F 1152 |
Version: 0 ≤ |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:23:22.573108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:28:20.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "2025.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.\u003c/p\u003e"
}
],
"value": "A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T07:04:22.922Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-054"
}
],
"source": {
"advisory": "VDE-2025-054",
"defect": [
"CERT@VDE#641795"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: File access due to the replacement of a critical file used by the service security-profile",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41668",
"datePublished": "2025-07-08T07:04:22.922Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-07-08T14:28:20.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46144 (GCVE-0-2023-46144)
Vulnerability from cvelistv5
Published
2023-12-14 14:08
Modified
2024-10-01 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | AXC F 1152 |
Version: 0 ≤ 2024.0 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXC F 1152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 2152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC F 3152",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BPC 9102S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1502",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EPC 1522",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072R",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 4072S",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2024.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T06:18:18.730Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"
}
],
"source": {
"advisory": "VDE-2023-058",
"defect": [
"CERT@VDE#64611"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46144",
"datePublished": "2023-12-14T14:08:07.244Z",
"dateReserved": "2023-10-17T07:04:03.577Z",
"dateUpdated": "2024-10-01T06:18:18.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201906-1031
Vulnerability from variot
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Phoenix Contact PLCNext AXC F 2152 is a programmable logic controller from Phoenix Contact, Germany. An information-disclosure vulnerability. 2. An authentication-bypass vulnerability. 3. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, perform unauthorized actions and crash the service, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "axc f 2152",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "2019.0_lts"
},
{
"model": "axc f 2152 starterkit",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "2019.0_lts"
},
{
"model": "axc f 2152 starterkit",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "2019.0 lts"
},
{
"model": "axc f 2152",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "2019.0 lts"
},
{
"model": "contact plcnext axc f",
"scope": "eq",
"trust": 0.6,
"vendor": "phoenix",
"version": "21521.*"
},
{
"model": "contact axc f starterkit",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "21521.x"
},
{
"model": "contact axc f",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "21521.x"
},
{
"model": "contact axc f starterkit lts",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "21522019.0"
},
{
"model": "contact axc f lts",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "21522019.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "BID",
"id": "108688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:axc_f_2152_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zahra Khani of Firmalyzer and OPC Foundation.",
"sources": [
{
"db": "BID",
"id": "108688"
}
],
"trust": 0.3
},
"cve": "CVE-2019-10998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10998",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-02972",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2019-10998",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10998",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-10998",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-02972",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-092",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
},
{
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Phoenix Contact PLCNext AXC F 2152 is a programmable logic controller from Phoenix Contact, Germany. An information-disclosure vulnerability. \n2. An authentication-bypass vulnerability. \n3. A denial-of-service vulnerability. \nAttackers can exploit these issues to bypass the authentication process, obtain sensitive information, perform unauthorized actions and crash the service, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10998"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "BID",
"id": "108688"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10998",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-155-01",
"trust": 2.3
},
{
"db": "BID",
"id": "108688",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02972",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-092",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "BID",
"id": "108688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
},
{
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"id": "VAR-201906-1031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
}
]
},
"last_update_date": "2024-11-23T21:52:09.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VDE-2019-009",
"trust": 0.8,
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf"
},
{
"title": "Patch for Phoenix Contact PLCNext AXC F 2152 Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/198329"
},
{
"title": "Phoenix Contact PLCNext AXC F 2152 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93181"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/security_advisory_axc_f_2152_fw.pdf"
},
{
"trust": 1.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10998"
},
{
"trust": 0.9,
"url": "https://www.phoenixcontact.com/online/portal/pc/pxc/offcontext/insite_landing_page/!ut/p/z1/xzrrt4mwfiv_dy_kdtc19zhgsowfudkn0bdsogb1fobi0h8v00czwczevjrnzjn33jb9gemixiuzkksjki0o3tnijgbw2l0t8cxnlm-hlvus"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10998"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-01"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108688"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "BID",
"id": "108688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
},
{
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"db": "BID",
"id": "108688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
},
{
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"date": "2019-06-04T00:00:00",
"db": "BID",
"id": "108688"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-092"
},
{
"date": "2019-06-18T13:15:10.707000",
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02972"
},
{
"date": "2019-06-04T00:00:00",
"db": "BID",
"id": "108688"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005605"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-092"
},
{
"date": "2024-11-21T04:20:19.380000",
"db": "NVD",
"id": "CVE-2019-10998"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-092"
}
],
"trust": 0.6
}
}