PT-2018-4996 · Phoenix Contact · Phoenix Contact Ilc Plcs

Deneut Tijl

Published

2018-04-05

Updated

2018-10-13

CVE-2016-8366

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Phoenix Contact ILC PLCs (affected versions not specified)

Description The issue concerns the storage and transfer of passwords in clear text due to the configuration of the password macro in Webvisit. This macro is intended to protect HMI pages on the PLC against unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255CWE-312

Related Identifiers

CVE-2016-8366

Affected Products

Phoenix Contact Ilc Plcs

PT-2018-4996 · Phoenix Contact · Phoenix Contact Ilc Plcs

CVE-2016-8366

Weakness Enumeration

Related Identifiers

Affected Products

References · 4