PT-2019-12128 · Phoenix Contact+1 · Pc Worx Engineer+3

Published

2019-06-17

Updated

2020-08-24

CVE-2019-10997

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Phoenix Contact AXC F 2152 versions prior to 2019.0 LTS Phoenix Contact AXC F 2152 STARTERKIT versions prior to 2019.0 LTS

Description An issue was discovered where protocol fuzzing by a man-in-the-middle attacker on PC WORX Engineer can stop the PLC service, requiring a device reboot or manual restart of the PLC service via a Linux shell.

Recommendations For Phoenix Contact AXC F 2152 versions prior to 2019.0 LTS, update to version 2019.0 LTS or later. For Phoenix Contact AXC F 2152 STARTERKIT versions prior to 2019.0 LTS, update to version 2019.0 LTS or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-10997

Affected Products

Linux

Pc Worx Engineer

Phoenix Contact Axc F 2152

Phoenix Contact Axc F 2152 Starterkit

PT-2019-12128 · Phoenix Contact+1 · Pc Worx Engineer+3

CVE-2019-10997

Related Identifiers

Affected Products

References · 3