CVE-2019-9201
Published Feb 26, 2019
Last updated 9 months ago
Overview
- Description
- Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 8.5
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:C
Weaknesses
- nvd@nist.gov
- CWE-306
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_131_eth_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "176DF3A4-F017-49AF-B91E-7E1935C5DE56"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_131_eth:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3D2A4938-D680-4AA2-82B0-7FE793AE9318"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_131_eth\\/xc_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FD92DFF-FED1-474D-A2E7-E9CEA11468AC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_131_eth\\/xc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "676A4E47-B36A-4C88-AD15-835843B92B97"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_151_eth_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB358CEE-2B29-4DAB-A100-36C841718D56"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_151_eth:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "301BA6C4-3E50-46CC-A6C9-E61948994F20"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_151_eth\\/xc_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE1801C5-62D8-4F06-ADBA-E4D8476DB07E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_151_eth\\/xc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "35E34FD1-9A9A-426C-9788-FD75EAD712B5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_171_eth_2tx_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF4B7D19-2237-4BF3-A3DF-21780618E4EE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_171_eth_2tx:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7457430D-A906-440F-8641-F7F412605A92"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_191_eth_2tx_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F0DC047-2D73-42EC-B15B-FF8969F2B470"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_191_eth_2tx:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DA647DB2-0612-4088-BCBC-E14F726FFD8D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:ilc_191_me\\/an_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83317305-2342-4B3A-A806-E2853C54DCAD"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:ilc_191_me\\/an:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "86A2D18D-61B4-4F51-8891-8FCD3E06A8B9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:axc_1050_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D0FC9C3-FA7C-4114-894D-3E04A8D05716"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:axc_1050:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5F55C821-DAA6-4098-BB54-80F6D9ED0CD6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]