#VU64578 Missing Authentication for Critical Function in Phoenix Contact GmbH products - CVE-2019-9201

 


Published: June 22, 2022


Vulnerability identifier: #VU64578
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-9201
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ILC 1x0
AXC 1050
AXC 1050XC
AXC 3050
RFC 480S
RFC 470S
RFC 460R
RFC 430 ETH
RFC 450 ETH
PC WORX RT BASIC
FC 350 PCI ETH
ILC 1x1
ILC 3xx
PC WORX SRT
Software vendor:
Phoenix Contact GmbH

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected products do not provide a function to authenticate communication protocols. A remote attacker can change or download the configuration, start or stop services, update or modify the firmware, or shut down the device.


Remediation

Install updates from the vendor's website.

External links