Vulnerability-Lookup

VDE-2019-015

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-08-07 00:00 - Updated: 2025-07-11 07:00

Summary

PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers

Notes

Summary: Phoenix Contact Classic Line industrial controllers (ILC1x0 and ILC1x1 product families as well as the AXIOLINE controllers AXC1050 and AXC3050) are developed and designed for the use in closed industrial networks. The communication protocols used for device management and configuration do not feature authentication measures. Update A, 2022-06-21 This updated version contains additional affected products.In addition, a new application note for classic line controllers had been published to make it easier for our customers to find out the actions how to disable the unauthorized communication ports instead of checking out each controller's manual.

Impact: If the above-mentioned controllers are used in an unprotected open network, an unauthorized attacker can change or download the device code/configuration, start or stop services, update or modify the firmware or shutdown the device.

Mitigation: Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note external link for classic line controllers. If the use of an affected controller in protected zones is not suitable OT communication protocols should be disabled. Either by using the CPU services via console or Web-based Management according to the controller type. Information's for which controllers and from which firmware version communication protocols can be disabled are described in our application note for classic line controllers or the manual to the respective controller which is available for download at the Phoenix Contact website. Controller supporting CPU services or WBM for disabling communication protocols: | Article | Article Number | Minimum firmware version | |----------------------|----------------|----------------------------------| | ILC 1x0 | All variants | not possible | | ILC 1x1 | All variants | >= FW 4.42 | | ILC 1x1 GSM/GPRS | 2700977 | >= FW 4.42 | | ILC 3xx | All variants | FW 3.98 | | AXC 1050 | 2700988 | >= FW 3.01, FW 5.00 (WBM) | | AXC 1050 XC | 2701295 | >= FW 3.01, FW 5.00 (WBM) | | AXC 3050 | 2700989 | >= FW 5.60, FW 6.30 (WBM) | | RFC 480S PN 4TX | 2404577 | FW 6.10 | | RFC 470 PN 3TX | 2916600 | >= FW 4.20 | | RFC 470S PN 3TX | 2916794 | >= FW 4.20 | | RFC 460R PN 3TX | 2700784 | >= FW 5.00 | | RFC 460R PN 3TX-S | 1096407 | FW 5.30 | | RFC 430 ETH-IB | 2730190 | not possible | | RFC 450 ETH-IB | 2730200 | not possible | | PC WORX SRT | 2701680 | not possible | | PC WORX RT BASIC | 2700291 | not possible | | FC 350 PCI ETH | 2730844 | not possible |

CVE-2019-9201

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Mitigation Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note external link for classic line controllers. If the use of an affected controller in protected zones is not suitable OT communication protocols should be disabled. Either by using the CPU services via console or Web-based Management according to the controller type. Information's for which controllers and from which firmware version communication protocols can be disabled are described in our application note for classic line controllers or the manual to the respective controller which is available for download at the Phoenix Contact website. Controller supporting CPU services or WBM for disabling communication protocols: | Article | Article Number | Minimum firmware version | |----------------------|----------------|----------------------------------| | ILC 1x0 | All variants | not possible | | ILC 1x1 | All variants | >= FW 4.42 | | ILC 1x1 GSM/GPRS | 2700977 | >= FW 4.42 | | ILC 3xx | All variants | FW 3.98 | | AXC 1050 | 2700988 | >= FW 3.01, FW 5.00 (WBM) | | AXC 1050 XC | 2701295 | >= FW 3.01, FW 5.00 (WBM) | | AXC 3050 | 2700989 | >= FW 5.60, FW 6.30 (WBM) | | RFC 480S PN 4TX | 2404577 | FW 6.10 | | RFC 470 PN 3TX | 2916600 | >= FW 4.20 | | RFC 470S PN 3TX | 2916794 | >= FW 4.20 | | RFC 460R PN 3TX | 2700784 | >= FW 5.00 | | RFC 460R PN 3TX-S | 1096407 | FW 5.30 | | RFC 430 ETH-IB | 2730190 | not possible | | RFC 450 ETH-IB | 2730200 | not possible | | PC WORX SRT | 2701680 | not possible | | PC WORX RT BASIC | 2700291 | not possible | | FC 350 PCI ETH | 2730844 | not possible |

References

URL

Category

	https://certvde.com/en/advisories/vendor/phoenixc…	external
	https://certvde.com/de/advisories/VDE-2019-015/	self
	https://phoenixcontact.csaf-tp.certvde.com/.well-…	self

Acknowledgments

CERT@VDE

Forescout

Sergiu Sechel

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      },
      {
        "organization": "Forescout",
        "summary": "re-discovered"
      },
      {
        "organization": "Sergiu Sechel",
        "summary": "reported"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Phoenix Contact Classic Line industrial controllers (ILC1x0 and ILC1x1 product families as well as the AXIOLINE controllers AXC1050 and AXC3050) are developed and designed for the use in closed industrial networks. The communication protocols used for device management and configuration do not feature authentication measures.\nUpdate A, 2022-06-21\nThis updated version contains additional affected products.In addition, a new application note for classic line controllers had been published to make it easier for our customers to find out the actions how to disable the unauthorized communication ports instead of checking out each controller\u0027s manual.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If the above-mentioned controllers are used in an unprotected open network, an unauthorized attacker can change or download the device code/configuration, start or stop services, update or modify the firmware or shutdown the device.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended.\n\nFor detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note external link for classic line controllers.\n\nIf the use of an affected controller in protected zones is not suitable OT communication protocols should be disabled. Either by using the CPU services via console or Web-based Management according to the controller type.\nInformation\u0027s for which controllers and from which firmware version communication protocols can be disabled are described in our application note for classic line controllers or the manual to the respective controller which is available for download at the Phoenix Contact website.\n\nController supporting CPU services or WBM for disabling communication protocols:\n\n| Article              | Article Number | Minimum firmware version         |\n|----------------------|----------------|----------------------------------|\n| ILC 1x0              | All variants   | not possible                     |\n| ILC 1x1              | All variants   | \u003e= FW 4.42                       |\n| ILC 1x1 GSM/GPRS     | 2700977        | \u003e= FW 4.42                       |\n| ILC 3xx              | All variants   | FW 3.98                          |\n| AXC 1050             | 2700988        | \u003e= FW 3.01, FW 5.00 (WBM)        |\n| AXC 1050 XC          | 2701295        | \u003e= FW 3.01, FW 5.00 (WBM)        |\n| AXC 3050             | 2700989        | \u003e= FW 5.60, FW 6.30 (WBM)        |\n| RFC 480S PN 4TX      | 2404577        | FW 6.10                          |\n| RFC 470 PN 3TX       | 2916600        | \u003e= FW 4.20                       |\n| RFC 470S PN 3TX      | 2916794        | \u003e= FW 4.20                       |\n| RFC 460R PN 3TX      | 2700784        | \u003e= FW 5.00                       |\n| RFC 460R PN 3TX-S    | 1096407        | FW 5.30                          |\n| RFC 430 ETH-IB       | 2730190        | not possible                     |\n| RFC 450 ETH-IB       | 2730200        | not possible                     |\n| PC WORX SRT          | 2701680        | not possible                     |\n| PC WORX RT BASIC     | 2700291        | not possible                     |\n| FC 350 PCI ETH       | 2730844        | not possible                     |",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for \tPHOENIX CONTACT",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2019-015: PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2019-015/"
      },
      {
        "category": "self",
        "summary": "VDE-2019-015: PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-015.json"
      }
    ],
    "title": "PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers",
    "tracking": {
      "aliases": [
        "VDE-2019-015"
      ],
      "current_release_date": "2025-07-11T07:00:00.000Z",
      "generator": {
        "date": "2025-07-11T06:53:15.755Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.29"
        }
      },
      "id": "VDE-2019-015",
      "initial_release_date": "2019-08-07T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2019-08-07T00:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2022-06-21T05:14:00.000Z",
          "number": "2.0.0",
          "summary": "final version."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "3.0.0",
          "summary": "Fix: correct certvde domain, added alias, added self-reference"
        },
        {
          "date": "2025-02-12T16:48:47.000Z",
          "number": "4.0.0",
          "summary": "Fix: corrected self-reference, fixed version"
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "5.0.0",
          "summary": "Fix: version term, quotation mark"
        },
        {
          "date": "2025-06-04T08:00:00.000Z",
          "number": "6.0.0",
          "summary": "Fix: Version Range"
        },
        {
          "date": "2025-07-11T06:30:00.000Z",
          "number": "6.0.1",
          "summary": "Fixed vendor name in product tree.\nSwitched to Semver versioning in document revisions."
        },
        {
          "date": "2025-07-11T07:00:00.000Z",
          "number": "7.0.0",
          "summary": "Increased major version due to changes to the product tree in the previous version."
        }
      ],
      "status": "final",
      "version": "7.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AXC 1050",
                "product": {
                  "name": "AXC 1050",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700988"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXC 1050 XC",
                "product": {
                  "name": "AXC 1050 XC",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701295"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXC 3050",
                "product": {
                  "name": "AXC 3050",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700989"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FC 350 PCI ETH",
                "product": {
                  "name": "FC 350 PCI ETH",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2730844"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "ILC1x0",
                "product": {
                  "name": "ILC1x0",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "ILC1x1",
                "product": {
                  "name": "ILC1x1",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "ILC 1x1 GSM/GPRS",
                "product": {
                  "name": "ILC 1x1 GSM/GPRS",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700977"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PC WORX RT BASIC",
                "product": {
                  "name": "PC WORX RT BASIC",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700291"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PC WORX SRT",
                "product": {
                  "name": "PC WORX SRT",
                  "product_id": "CSAFPID-11009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701680"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 430 ETH-IB",
                "product": {
                  "name": "RFC 430 ETH-IB",
                  "product_id": "CSAFPID-11010",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2730190"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 450 ETH-IB",
                "product": {
                  "name": "RFC 450 ETH-IB",
                  "product_id": "CSAFPID-11011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2730200"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 460R PN 3TX",
                "product": {
                  "name": "RFC 460R PN 3TX",
                  "product_id": "CSAFPID-11012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700784"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 460R PN 3TX-S",
                "product": {
                  "name": "RFC 460R PN 3TX-S",
                  "product_id": "CSAFPID-11013",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1096407"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 470 PN 3TX",
                "product": {
                  "name": "RFC 470 PN 3TX",
                  "product_id": "CSAFPID-11014",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2916600"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 470S PN 3TX",
                "product": {
                  "name": "RFC 470S PN 3TX",
                  "product_id": "CSAFPID-11015",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2916794"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RFC 480S PN 4TX",
                "product": {
                  "name": "RFC 480S PN 4TX",
                  "product_id": "CSAFPID-11016",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2404577"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Firmware vers:all/*",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact GmbH \u0026 Co. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on AXC 1050",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on AXC 1050 XC",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on AXC 3050",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on FC 350 PCI ETH",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC1x0",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC1x1",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ILC 1x1 GSM/GPRS",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on PC WORX RT BASIC",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on PC WORX SRT",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 430 ETH-IB",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 450 ETH-IB",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 460R PN 3TX",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 460R PN 3TX-S",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 470 PN 3TX",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 470S PN 3TX",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on RFC 480S PN 4TX",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11016"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-9201",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or protected with a suitable firewall as intended.\n\nFor detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note external link for classic line controllers.\n\nIf the use of an affected controller in protected zones is not suitable OT communication protocols should be disabled. Either by using the CPU services via console or Web-based Management according to the controller type.\nInformation\u0027s for which controllers and from which firmware version communication protocols can be disabled are described in our application note for classic line controllers or the manual to the respective controller which is available for download at the Phoenix Contact website.\n\nController supporting CPU services or WBM for disabling communication protocols:\n\n| Article              | Article Number | Minimum firmware version         |\n|----------------------|----------------|----------------------------------|\n| ILC 1x0              | All variants   | not possible                     |\n| ILC 1x1              | All variants   | \u003e= FW 4.42                       |\n| ILC 1x1 GSM/GPRS     | 2700977        | \u003e= FW 4.42                       |\n| ILC 3xx              | All variants   | FW 3.98                          |\n| AXC 1050             | 2700988        | \u003e= FW 3.01, FW 5.00 (WBM)        |\n| AXC 1050 XC          | 2701295        | \u003e= FW 3.01, FW 5.00 (WBM)        |\n| AXC 3050             | 2700989        | \u003e= FW 5.60, FW 6.30 (WBM)        |\n| RFC 480S PN 4TX      | 2404577        | FW 6.10                          |\n| RFC 470 PN 3TX       | 2916600        | \u003e= FW 4.20                       |\n| RFC 470S PN 3TX      | 2916794        | \u003e= FW 4.20                       |\n| RFC 460R PN 3TX      | 2700784        | \u003e= FW 5.00                       |\n| RFC 460R PN 3TX-S    | 1096407        | FW 5.30                          |\n| RFC 430 ETH-IB       | 2730190        | not possible                     |\n| RFC 450 ETH-IB       | 2730200        | not possible                     |\n| PC WORX SRT          | 2701680        | not possible                     |\n| PC WORX RT BASIC     | 2700291        | not possible                     |\n| FC 350 PCI ETH       | 2730844        | not possible                     |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016"
          ]
        }
      ],
      "title": "CVE-2019-9201"
    }
  ]
}

BDU:2022-03728

Vulnerability from fstec - Published: 21.06.2022

Title

Уязвимость микропрограммного обеспечения программируемых логических контроллеров ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, FC 350 PCI ETH, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или оказать воздействие на целостность информации

Description

Уязвимость микропрограммного обеспечения программируемых логических контроллеров ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, FC 350 PCI ETH связана с недостатками процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации или оказать воздействие на целостность информации, установив TCP-сеанс на порт 1962

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Phoenix Contact GmbH & Co. KG

Software Name

AXC 1050, AXC 1050 XC, AXC 3050, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 1x1 GSM/GPRS, ILC 3xx, PC WORX RT BASIC, PC WORX SRT, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 480S PN 4TX

Software Version

- (AXC 1050), - (AXC 1050 XC), - (AXC 3050), - (FC 350 PCI ETH), - (ILC1x0), - (ILC1x1), - (ILC 1x1 GSM/GPRS), - (ILC 3xx), - (PC WORX RT BASIC), - (PC WORX SRT), - (RFC 430 ETH-IB), - (RFC 450 ETH-IB), - (RFC 460R PN 3TX), - (RFC 460R PN 3TX-S), - (RFC 470 PN 3TX), - (RFC 470S PN 3TX), - (RFC 480S PN 4TX)

Possible Mitigations

Компенсирующие меры: - использование средств межсетевого экранирования; - ограничение подключения ПЛК к сетям общего пользования (Интернет); - сегментирование сети с целью ограничения доступа к оборудованию из других подсетей; - использование виртуальных частных сетей для организации удаленного доступа (VPN). - отключить протоколы передачи данных, если контроллер будет использоваться в сети, в которой не применены вышеперечисленные меры.

Reference

https://cert.vde.com/en/advisories/VDE-2019-015/

CWE

CWE-287

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Phoenix Contact GmbH \u0026 Co. KG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (AXC 1050), - (AXC 1050 XC), - (AXC 3050), - (FC 350 PCI ETH), - (ILC1x0), - (ILC1x1), - (ILC 1x1 GSM/GPRS), - (ILC 3xx), - (PC WORX RT BASIC), - (PC WORX SRT), - (RFC 430 ETH-IB), - (RFC 450 ETH-IB), - (RFC 460R PN 3TX), - (RFC 460R PN 3TX-S), - (RFC 470 PN 3TX), - (RFC 470S PN 3TX), - (RFC 480S PN 4TX)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u041f\u041b\u041a \u043a \u0441\u0435\u0442\u044f\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044e \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u0435\u0441\u043b\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0441\u0435\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u044b \u0432\u044b\u0448\u0435\u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b.",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.06.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.06.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.06.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03728",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-9201, VDE-2019-015",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "AXC 1050, AXC 1050 XC, AXC 3050, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 1x1 GSM/GPRS, ILC 3xx, PC WORX RT BASIC, PC WORX SRT, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 480S PN 4TX",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, FC 350 PCI ETH, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, FC 350 PCI ETH \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0432 TCP-\u0441\u0435\u0430\u043d\u0441 \u043d\u0430 \u043f\u043e\u0440\u0442 1962",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert.vde.com/en/advisories/VDE-2019-015/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2019-9201 (GCVE-0-2019-9201)

Vulnerability from cvelistv5 – Published: 2019-02-26 23:00 – Updated: 2024-09-16 18:39

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2019-015

BDU:2022-03728

CVE-2019-9201 (GCVE-0-2019-9201)

Tags

Sightings

Nomenclature