PT-2019-12129 · Phoenix Contact · Axc F 2152 Starterkit+1

Published

2019-06-18

Updated

2019-06-20

CVE-2019-10998

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Phoenix Contact AXC F 2152 versions prior to 2019.0 LTS Phoenix Contact AXC F 2152 STARTERKIT versions prior to 2019.0 LTS

Description An issue allows unlimited physical access to the Programmable Logic Controller (PLC), which may lead to manipulation of SD card data. This SD card manipulation can result in an authentication bypass opportunity.

Recommendations For Phoenix Contact AXC F 2152 versions prior to 2019.0 LTS, update to version 2019.0 LTS or later to resolve the issue. For Phoenix Contact AXC F 2152 STARTERKIT versions prior to 2019.0 LTS, update to version 2019.0 LTS or later to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-10998

Affected Products

Axc F 2152

Axc F 2152 Starterkit

PT-2019-12129 · Phoenix Contact · Axc F 2152 Starterkit+1

CVE-2019-10998

Weakness Enumeration

Related Identifiers

Affected Products

References · 3