VDE-2019-007
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-03-25 11:45 - Updated: 2025-05-14 12:28Summary
PHOENIX CONTACT: command injection on RAD-80211-XD(/HP-BUS)
Notes
Summary: A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.
Impact: If vulnerability is exploited, the attacker may execute system level commands at will with administrative privileges.
Mitigation: Customers using Phoenix Contact 802-11XD radio modules are recommended to operate the devices in closed networks or protected with a suitable firewall.
For detailed information on our recommendations for measures to protect network-capable devices, please refer to the [Application Note:](https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf)
Remediation: The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned customers upgrade to the active FL WLAN product line.
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
8.8 (High)
No Fix Planned
The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned customers upgrade to the active FL WLAN product line.
References
Acknowledgments
CERT@VDE
certvde.com
Maxim Rupp
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Maxim Rupp",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.",
"title": "Summary"
},
{
"category": "description",
"text": "If vulnerability is exploited, the attacker may execute system level commands at will with administrative privileges.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using Phoenix Contact 802-11XD radio modules are recommended to operate the devices in closed networks or protected with a suitable firewall.\nFor detailed information on our recommendations for measures to protect network-capable devices, please refer to the [Application Note:](https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf)",
"title": "Mitigation"
},
{
"category": "description",
"text": "The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned customers upgrade to the active FL WLAN product line.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2019-007: PHOENIX CONTACT: command injection on RAD-80211-XD(/HP-BUS) - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-007"
},
{
"category": "self",
"summary": "VDE-2019-007: PHOENIX CONTACT: command injection on RAD-80211-XD(/HP-BUS) - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-007.json"
}
],
"title": "PHOENIX CONTACT: command injection on RAD-80211-XD(/HP-BUS)",
"tracking": {
"aliases": [
"VDE-2019-007"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-07-16T12:38:50.585Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.8"
}
},
"id": "VDE-2019-007",
"initial_release_date": "2019-03-25T11:45:00.000Z",
"revision_history": [
{
"date": "2019-03-25T11:45:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added alias, added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version term, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RAD-80211-XD",
"product": {
"name": "RAD-80211-XD",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "RAD-80211-XD/HP-BUS",
"product": {
"name": "RAD-80211-XD/HP-BUS",
"product_id": "CSAFPID-11002"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware all versions",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware all versions installed on RAD-80211-XD",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware all versions installed on RAD-80211-XD/HP-BUS",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9743",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "The product has been removed from active maintenance due to obsolescence. For this reason, it is recommended that concerned customers upgrade to the active FL WLAN product line.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2019-9743"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…