Main Vulnerability Database SB2022062220

SB2022062220 - Missing Authentication for Critical Function in Phoenix Contact Classic Line Industrial Controllers

Published: June 22, 2022

Security Bulletin ID SB2022062220

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2019-9201)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product does not feature a function to authenticate communication protocols. A remote attacker can change or download the configuration, start or stop services, update or modify the firmware or shut down the device.

Remediation

Install update from vendor's website.

References

https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561
https://cert.vde.com/en/advisories/VDE-2019-015/
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-05

SB2022062220 - Missing Authentication for Critical Function in Phoenix Contact Classic Line Industrial Controllers

Breakdown by Severity

Description

Remediation

References

Please verify you're human