Vulnerability Details : CVE-2019-9201
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
Products affected by CVE-2019-9201
- cpe:2.3:o:phoenixcontact:ilc_151_eth_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:ilc_131_eth_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:ilc_131_eth\/xc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:ilc_151_eth\/xc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:ilc_171_eth_2tx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:ilc_191_eth_2tx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:ilc_191_me\/an_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:axc_1050_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9201
4.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-9201
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:C |
10.0
|
8.5
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
MITRE | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-02-14 |
CWE ids for CVE-2019-9201
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9201
-
https://cert.vde.com/en/advisories/VDE-2019-015/
VDE-2019-015 | CERT@VDEThird Party Advisory
-
https://medium.com/%40SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561
Insecure permissions in ILC and AXC controllers leaves over 1,200 ICS devices vulnerable to attacks over the internet | by Sergiu Sechel | MediumExploit
-
https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561
Insecure permissions in ILC and AXC controllers leaves over 1,200 ICS devices vulnerable to attacks over the internetExploit;Third Party Advisory
Jump to