var-201804-0080
Vulnerability from variot
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. Phoenix Contact ILC PLCs Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. An information disclosure vulnerability exists in Phoenix Contact ILC PLC due to the storage of sensitive information in clear text. The attacker exploited the vulnerability to obtain sensitive information. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. The vulnerability stems from the fact that the program stores and passes passwords in clear text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ilc plcs",
"scope": "eq",
"trust": 1.6,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "ilc programmable logic controller",
"scope": null,
"trust": 0.8,
"vendor": "phoenix contact",
"version": null
},
{
"model": "contact ilc plc",
"scope": null,
"trust": 0.6,
"vendor": "phoenix",
"version": null
},
{
"model": "contact ilc plc",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ilc plcs",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:phoenixcontact:ilc_plcs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg.",
"sources": [
{
"db": "BID",
"id": "94163"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8366",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8366",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10999",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97186",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8366",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8366",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8366",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10999",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-313",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97186",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "VULHUB",
"id": "VHN-97186"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. Phoenix Contact ILC PLCs Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. An information disclosure vulnerability exists in Phoenix Contact ILC PLC due to the storage of sensitive information in clear text. The attacker exploited the vulnerability to obtain sensitive information. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. The vulnerability stems from the fact that the program stores and passes passwords in clear text",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8366"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "VULHUB",
"id": "VHN-97186"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-97186",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97186"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8366",
"trust": 3.6
},
{
"db": "BID",
"id": "94163",
"trust": 3.4
},
{
"db": "EXPLOIT-DB",
"id": "45586",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10999",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013",
"trust": 0.8
},
{
"db": "IVD",
"id": "8D88DE1D-BE85-461A-8F55-9358C29F50AD",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "149763",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97186",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "VULHUB",
"id": "VHN-97186"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"id": "VAR-201804-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "VULHUB",
"id": "VHN-97186"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
}
]
},
"last_update_date": "2024-11-23T22:17:36.518000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/jp?1dmy\u0026urile=wcm%3apath%3a/jpja/web/home"
},
{
"title": "Patch for Phoenix Contact ILC Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83809"
},
{
"title": "Phoenix Contact ILC PLC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65681"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-312",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97186"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/94163"
},
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-313-01"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45586/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8366"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8366"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "VULHUB",
"id": "VHN-97186"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"db": "VULHUB",
"id": "VHN-97186"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97186"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94163"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"date": "2016-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"date": "2018-04-05T16:29:00.220000",
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10999"
},
{
"date": "2018-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97186"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94163"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009013"
},
{
"date": "2018-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-313"
},
{
"date": "2024-11-21T02:59:13.943000",
"db": "NVD",
"id": "CVE-2016-8366"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Phoenix Contact ILC Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNVD",
"id": "CNVD-2016-10999"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "8d88de1d-be85-461a-8f55-9358c29f50ad"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-313"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…