Vulnerabilities > CVE-2014-9195 - Credentials Management vulnerability in Phoenixcontact-Software Multiprog and Proconos Eclr

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phoenixcontact-software
CWE-255
exploit available
metasploit
NVD
Published: 2015-01-17
Updated: 2018-11-29

Summary

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Vulnerable Configurations

Part Description Count
Application
Phoenixcontact-Software
3
OS
Phoenixcontact-Software
4

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPhoenix Contact ILC 150 ETH PLC Remote Control Script. CVE-2014-9195. Remote exploit for hardware platform
fileexploits/hardware/remote/37066.py
idEDB-ID:37066
last seen2016-02-04
modified2015-05-20
platformhardware
port
published2015-05-20
reporterPhotubias
sourcehttps://www.exploit-db.com/download/37066/
titlePhoenix Contact ILC 150 ETH PLC Remote Control Script
typeremote

Metasploit

descriptionPhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. Communicating using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. It allows a remote user to read out the PLC Type, Firmware and Build number on port TCP/1962. And also to read out the CPU State (Running or Stopped) AND start or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series) or on port TCP/20547 (confirmed ILC 39x series)
idMSF:AUXILIARY/ADMIN/SCADA/PHOENIX_COMMAND
last seen2020-06-03
modified2017-07-24
published2016-05-17
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/scada/phoenix_command.rb
titlePhoenixContact PLC Remote START/STOP Command

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/131961/phoenixcontact-remotecontrol.txt
idPACKETSTORM:131961
last seen2016-12-05
published2015-05-19
reporterPhotubias
sourcehttps://packetstormsecurity.com/files/131961/Phoenix-Contact-ILC-150-ETH-PLC-Remote-Control.html
titlePhoenix Contact ILC 150 ETH PLC Remote Control

References