var-201804-0081
Vulnerability from variot
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ilc plcs",
"scope": "eq",
"trust": 1.6,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "ilc programmable logic controller",
"scope": null,
"trust": 0.8,
"vendor": "phoenix contact",
"version": null
},
{
"model": "contact ilc plc",
"scope": null,
"trust": 0.6,
"vendor": "phoenix",
"version": null
},
{
"model": "contact ilc plc",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ilc plcs",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:phoenixcontact:ilc_plcs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg.",
"sources": [
{
"db": "BID",
"id": "94163"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8371",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8371",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10998",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0211a82b-8961-455d-a8ed-a6f084997adb",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97191",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8371",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8371",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8371",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10998",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-314",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97191",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "VULHUB",
"id": "VHN-97191"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "VULHUB",
"id": "VHN-97191"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-97191",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97191"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8371",
"trust": 3.6
},
{
"db": "BID",
"id": "94163",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "45590",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10998",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005",
"trust": 0.8
},
{
"db": "IVD",
"id": "0211A82B-8961-455D-A8ED-A6F084997ADB",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "149776",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97191",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "VULHUB",
"id": "VHN-97191"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"id": "VAR-201804-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "VULHUB",
"id": "VHN-97191"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
}
]
},
"last_update_date": "2024-11-23T22:17:36.478000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/jp?1dmy\u0026urile=wcm%3apath%3a/jpja/web/home"
},
{
"title": "Phoenix Contact ILC authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83811"
},
{
"title": "Phoenix Contact ILC PLC Fixes for authentication bypassing vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-592",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97191"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-313-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94163"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45590/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8371"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8371"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "VULHUB",
"id": "VHN-97191"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"db": "VULHUB",
"id": "VHN-97191"
},
{
"db": "BID",
"id": "94163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97191"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94163"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"date": "2016-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"date": "2018-04-05T16:29:00.283000",
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10998"
},
{
"date": "2018-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-97191"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94163"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009005"
},
{
"date": "2018-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-314"
},
{
"date": "2024-11-21T02:59:14.550000",
"db": "NVD",
"id": "CVE-2016-8371"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Phoenix Contact ILC Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0211a82b-8961-455d-a8ed-a6f084997adb"
},
{
"db": "CNVD",
"id": "CNVD-2016-10998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-314"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…