Vulnerabilities > CVE-2018-16994 - Unspecified vulnerability in Phoenixcontact products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

phoenixcontact

NVD

Published: 2020-02-18

Updated: 2020-08-24

Summary

An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact AXL F BK PN Firmware - Phoenixcontact AXL F BK PN Firmware 1.0.4 Phoenixcontact AXL F BK ETH Firmware - Phoenixcontact AXL F BK ETH Firmware 1.12 Phoenixcontact AXL F BK ETH XC Firmware - Phoenixcontact AXL F BK ETH XC Firmware 1.11	6
Hardware	Phoenixcontact Phoenixcontact AXL F BK PN - Phoenixcontact AXL F BK ETH - Phoenixcontact AXL F BK ETH XC -	3

Summary

Vulnerable Configurations

References