Vulnerabilities > CVE-2014-9195 - Credentials Management vulnerability in Phoenixcontact-Software Multiprog and Proconos Eclr

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phoenixcontact-software

CWE-255

exploit available

metasploit

NVD

Published: 2015-01-17

Updated: 2024-11-21

Summary

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Vulnerable Configurations

Part	Description	Count
Application	Phoenixcontact-Software Phoenixcontact Software Multiprog 5.0	3
OS	Phoenixcontact-Software Phoenixcontact Software Proconos Eclr *	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Phoenix Contact ILC 150 ETH PLC Remote Control Script. CVE-2014-9195. Remote exploit for hardware platform
file	exploits/hardware/remote/37066.py
id	EDB-ID:37066
last seen	2016-02-04
modified	2015-05-20
platform	hardware
port
published	2015-05-20
reporter	Photubias
source	https://www.exploit-db.com/download/37066/
title	Phoenix Contact ILC 150 ETH PLC Remote Control Script
type	remote

Metasploit

description	PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. Communicating using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. It allows a remote user to read out the PLC Type, Firmware and Build number on port TCP/1962. And also to read out the CPU State (Running or Stopped) AND start or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series) or on port TCP/20547 (confirmed ILC 39x series)
id	MSF:AUXILIARY/ADMIN/SCADA/PHOENIX_COMMAND
last seen	2020-06-03
modified	2017-07-24
published	2016-05-17
references	https://github.com/tijldeneut/ICSSecurityScripts https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9195
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/scada/phoenix_command.rb
title	PhoenixContact PLC Remote START/STOP Command

Packetstorm

data source	https://packetstormsecurity.com/files/download/131961/phoenixcontact-remotecontrol.txt
id	PACKETSTORM:131961
last seen	2016-12-05
published	2015-05-19
reporter	Photubias
source	https://packetstormsecurity.com/files/131961/Phoenix-Contact-ILC-150-ETH-PLC-Remote-Control.html
title	Phoenix Contact ILC 150 ETH PLC Remote Control

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Packetstorm

References