CVE-2022-31800 : An unauthenticated, remote attacker could upload malicious logic to devices base

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Published 2022-06-21 08:15:08

Updated 2022-06-28 17:04:48

Source CERT VDE

View at NVD, CVE.org

Products affected by CVE-2022-31800

Phoenixcontact » Axc 1050 Firmware
cpe:2.3:o:phoenixcontact:axc_1050_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Axc 1050 » Version: N/A
Phoenixcontact » Ilc1x0 Firmware
cpe:2.3:o:phoenixcontact:ilc1x0_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Ilc1x0 » Version: N/A
Phoenixcontact » Ilc1x1 Firmware
cpe:2.3:o:phoenixcontact:ilc1x1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Ilc1x1 » Version: N/A
Phoenixcontact » Axc 1050 Xc Firmware
cpe:2.3:o:phoenixcontact:axc_1050_xc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Axc 1050 Xc » Version: N/A
Phoenixcontact » Axc 3050 Firmware
cpe:2.3:o:phoenixcontact:axc_3050_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Axc 3050 » Version: N/A
Phoenixcontact » Fc 350 Pci Eth Firmware
cpe:2.3:o:phoenixcontact:fc_350_pci_eth_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fc 350 Pci Eth » Version: N/A
Phoenixcontact » Ilc 1x1 Gsm/gprs Firmware
cpe:2.3:o:phoenixcontact:ilc_1x1_gsm\/gprs_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Ilc 1x1 Gsm/gprs » Version: N/A
Phoenixcontact » Ilc 3xx Firmware
cpe:2.3:o:phoenixcontact:ilc_3xx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Ilc 3xx » Version: N/A
Phoenixcontact » Pc Worx Rt Basic Firmware
cpe:2.3:o:phoenixcontact:pc_worx_rt_basic_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Pc Worx Rt Basic » Version: N/A
Phoenixcontact » Pc Worx Srt Firmware
cpe:2.3:o:phoenixcontact:pc_worx_srt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Pc Worx Srt » Version: N/A
Phoenixcontact » Rfc 430 Eth-ib Firmware
cpe:2.3:o:phoenixcontact:rfc_430_eth-ib_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 430 Eth-ib » Version: N/A
Phoenixcontact » Rfc 450 Eth-ib Firmware
cpe:2.3:o:phoenixcontact:rfc_450_eth-ib_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 450 Eth-ib » Version: N/A
Phoenixcontact » Rfc 460r Pn 3tx Firmware
cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 460r Pn 3tx » Version: N/A
Phoenixcontact » Rfc 460r Pn 3tx-s Firmware
cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 460r Pn 3tx-s » Version: N/A
Phoenixcontact » Rfc 470 Pn 3tx Firmware
cpe:2.3:o:phoenixcontact:rfc_470_pn_3tx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 470 Pn 3tx » Version: N/A
Phoenixcontact » Rfc 470s Pn 3tx Firmware
cpe:2.3:o:phoenixcontact:rfc_470s_pn_3tx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 470s Pn 3tx » Version: N/A
Phoenixcontact » Rfc 480s Pn 4tx Firmware
cpe:2.3:o:phoenixcontact:rfc_480s_pn_4tx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Rfc 480s Pn 4tx » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-31800

EPSS FAQ

2.69%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-31800

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	CERT VDE
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-31800

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Assigned by: info@cert.vde.com (Primary)

References for CVE-2022-31800

https://cert.vde.com/en/advisories/VDE-2022-025/

VDE-2022-025 | CERT@VDE
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-31800

Products affected by CVE-2022-31800

Exploit prediction scoring system (EPSS) score for CVE-2022-31800

CVSS scores for CVE-2022-31800

CWE ids for CVE-2022-31800

References for CVE-2022-31800