CVE-2023-1109
Published Apr 17, 2023
Last updated 2 years ago
Overview
- Description
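- In the web service of Phoenix Contact's ENERGY AXC PU, an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. The Configurations section of this entry also lists Infobox, SMARTRTU AXC SG and SMARTRTU AXC IG firmware as vulnerable, so check the version ranges given there for each product rather than relying on the product named in this description alone.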
- Source
- info@cert.vde.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- info@cert.vde.com
- CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:energy_axc_pu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "667B7404-4720-41E5-B815-9EB2376566D1", "versionEndIncluding": "04.15.00.00", "versionStartIncluding": "01.00.00.00" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:phoenixcontact:infobox:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FA377FD-320C-4479-A34F-297ADF792DC1" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:phoenixcontact:infobox_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BA39C5A-B6BF-49D9-AAEC-FB38478BAB9B", "versionEndIncluding": "02.02.00.00", "versionStartIncluding": "01.00.00.00" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:phoenixcontact:smartrtu_axc_sg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "195DA1AA-4D07-4BBC-BA68-88399717FDEB" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:phoenixcontact:smartrtu_axc_sg_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7191A320-C13F-45C2-8CC1-1EDF5998DCAD", "versionEndIncluding": "01.08.00.02", "versionStartIncluding": "01.00.00.00" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:phoenixcontact:smartrtu_axc_ig:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1CAFD12-9630-4FB5-B802-19189B8E43C4" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:phoenixcontact:smartrtu_axc_ig_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37C85EE7-1CBB-4F62-9259-F9272F05155D", "versionEndIncluding": "01.02.00.01", "versionStartIncluding": "01.00.00.00" } ], "operator": "OR" } ], "operator": "AND" } ]