Main Vulnerability Database SB2020021806

SB2020021806 - Incorrect permission assignment for critical resource in Phoenix Contact Emalytics Controller ILC 2050 BI and BI-L

Published: February 18, 2020

Security Bulletin ID SB2020021806

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2020-8768)

The vulnerability allows a remote attacker to gain access to unintended functionality on the target system.

The vulnerability exists due to an insecure mechanism for read and write access to the configuration of the device. A remote attacker can examine a link on the website of the device, discover this mechanism, change the device configuration and start or stop services.

Remediation

Install update from vendor's website.

References

https://cert.vde.com/de-de/advisories/vde-2020-001