VDE-2023-004
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2023-04-11 08:00 - Updated: 2023-04-11 08:00Summary
Phoenix Contact: Directory Traversal Vulnerability in ENERGY AXC PU Web service
Notes
Summary: A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.An authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service.
Impact: The vulnerability enables an attacker to gain access to the file system of the devices. This can enable the attacker to compromise the device in terms of availability, integrity and confidentiality.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to Phoenix Contacts application note.Measures to protect network-capable devices with Ethernet connection
Remediation: Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.
| Article no | Article | Fixed version |
|------------|-------------------|-------------------|
| 1264327 | ENERGY AXC PU | V04.15.00.01 |
| 1110435 | SMARTRTU AXC SG | V01.09.00.00 |
| 1264328 | SMARTRTU AXC IG | End of Q3 2023 |
As Infobox (1169323) is discontinued, no update will be available.
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to Phoenix Contacts application note.Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.
| Article no | Article | Fixed version |
|------------|-------------------|-------------------|
| 1264327 | ENERGY AXC PU | V04.15.00.01 |
| 1110435 | SMARTRTU AXC SG | V01.09.00.00 |
| 1264328 | SMARTRTU AXC IG | End of Q3 2023 |
As Infobox (1169323) is discontinued, no update will be available.
References
Acknowledgments
CERT@VDE
certvde.com
Laokoon SecurITy GmbH
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Laokoon SecurITy GmbH",
"summary": "discovering and reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.An authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service.",
"title": "Summary"
},
{
"category": "description",
"text": "The vulnerability enables an attacker to gain access to the file system of the devices. This can enable the attacker to compromise the device in terms of availability, integrity and confidentiality.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to\u00a0Phoenix Contacts application note.Measures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.\n\n| Article no | Article | Fixed version |\n|------------|-------------------|-------------------|\n| 1264327 | ENERGY AXC PU | V04.15.00.01 |\n| 1110435 | SMARTRTU AXC SG | V01.09.00.00 |\n| 1264328 | SMARTRTU AXC IG | End of Q3 2023 |\n\nAs Infobox (1169323) is discontinued, no update will be available.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-004: Phoenix Contact: Directory Traversal Vulnerability in ENERGY AXC PU Web service - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-004/"
},
{
"category": "self",
"summary": "VDE-2023-004: Phoenix Contact: Directory Traversal Vulnerability in ENERGY AXC PU Web service - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-004.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
}
],
"title": "Phoenix Contact: Directory Traversal Vulnerability in ENERGY AXC PU Web service",
"tracking": {
"aliases": [
"VDE-2023-004"
],
"current_release_date": "2023-04-11T08:00:00.000Z",
"generator": {
"date": "2025-04-14T07:40:20.318Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2023-004",
"initial_release_date": "2023-04-11T08:00:00.000Z",
"revision_history": [
{
"date": "2023-04-11T08:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ENERGY AXC PU",
"product": {
"name": "ENERGY AXC PU",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
}
},
{
"category": "product_name",
"name": "Infobox*",
"product": {
"name": "Infobox*",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1169323"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC IG",
"product": {
"name": "SMARTRTU AXC IG",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC SG",
"product": {
"name": "SMARTRTU AXC SG",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV04.15.00.00",
"product": {
"name": "Firmware \u003cV04.15.00.00",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=V02.02.00.00",
"product": {
"name": "Firmware \u003c=V02.02.00.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=V01.02.00.01",
"product": {
"name": "Firmware \u003c=V01.02.00.01",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=V01.08.00.02",
"product": {
"name": "Firmware \u003c=V01.08.00.02",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "V04.15.00.01",
"product": {
"name": "Firmware V04.15.00.01",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "V01.09.00.00",
"product": {
"name": "Firmware V01.09.00.00",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV04.15.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V02.02.00.00 installed on Infobox*",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V01.02.00.01 installed on SMARTRTU AXC IG",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V01.08.00.02 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V04.15.00.01 installed on ENERGY AXC PU",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1109",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to\u00a0Phoenix Contacts application note.Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.\n\n| Article no | Article | Fixed version |\n|------------|-------------------|-------------------|\n| 1264327 | ENERGY AXC PU | V04.15.00.01 |\n| 1110435 | SMARTRTU AXC SG | V01.09.00.00 |\n| 1264328 | SMARTRTU AXC IG | End of Q3 2023 |\n\nAs Infobox (1169323) is discontinued, no update will be available.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2023-1109"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…