Main Vulnerability Database Vulnerabilities #VU18693

Improper access control in PLCNext AXC F 2152 - CVE-2019-10998

Published: June 6, 2019

Vulnerability identifier: #VU18693

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-10998

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Phoenix Contact GmbH

Affected software:
PLCNext AXC F 2152

Detailed vulnerability description

The vulnerability allows an attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when an attacker with physical access to the device can manipulate SD card data. An attacker can bypass the authentication of the device.

Vulnerability affects following PLCNext AXC F 2152 products:

AXC F 2152: article number 2404267
AXC F 2152: article number 1046568 (Starterkit)

How to mitigate CVE-2019-10998

Install updates from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01

Improper access control in PLCNext AXC F 2152 - CVE-2019-10998

Detailed vulnerability description

How to mitigate CVE-2019-10998

Sources

Please verify you're human