CVE-2018-16994 - Unspecified vulnerability in Phoenixcontact products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 6 |
Hardware | | 3 |
References
- https://psirt.bosch.com/security-advisories/bosch-sa-645125.html
- https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advirory_CVE-2018-16994.pdf