Vulnerabilities > CVE-2019-10997 - Unspecified vulnerability in Phoenixcontact products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

phoenixcontact

NVD

Published: 2019-06-17

Updated: 2020-08-24

Summary

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact AXC F 2152 Firmware 1.01 Phoenixcontact AXC F 2152 Firmware 1.1.0 Phoenixcontact AXC F 2152 Firmware 1.02 Phoenixcontact AXC F 2152 Firmware 1.20 Phoenixcontact AXC F 2152 Starterkit Firmware *	5
Hardware	Phoenixcontact Phoenixcontact AXC F 2152 - Phoenixcontact AXC F 2152 Starterkit -	2

References

https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf