Vulnerabilities > CVE-2019-10997 - Unspecified vulnerability in Phoenixcontact products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

phoenixcontact

NVD

Published: 2019-06-17

Updated: 2020-08-24

Summary

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact AXC F 2152 Firmware * Phoenixcontact AXC F 2152 Starterkit Firmware *	2
Hardware	Phoenixcontact Phoenixcontact AXC F 2152 - Phoenixcontact AXC F 2152 Starterkit -	2

References

https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf