Main Vulnerability Database SB2019060614

SB2019060614 - Improper access control in PLCNext AXC F 2152

Published: June 6, 2019

Security Bulletin ID SB2019060614

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2019-10998)

The vulnerability allows an attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when an attacker with physical access to the device can manipulate SD card data. An attacker can bypass the authentication of the device.

Vulnerability affects following PLCNext AXC F 2152 products:

AXC F 2152: article number 2404267
AXC F 2152: article number 1046568 (Starterkit)

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01