History: Feb 18, 2020 - 11:15 p.m.

CVE-2018-16994

2020-02-18 23:15:11
mitre
web.nvd.nist.gov

Tags: cve-2018-16994, phoenix contact, bosch rexroth, remote attackers, bus coupler, authentication issue

CVSS2: 7.8

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.6
Confidence: High

EPSS: 0.002
Percentile: 61.5%

An issue was discovered on PHOENIX CONTACT AXL F BK PN <= 1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

Affected configurations

Nvd

Node: phoenixcontact axl_f_bk_pn (Match -) AND phoenixcontact axl_f_bk_pn_firmware (Range 1.0.4)
Node: phoenixcontact axl_f_bk_eth (Match -) AND phoenixcontact axl_f_bk_eth_firmware (Range 1.12)
Node: phoenixcontact axl_f_bk_eth_xc (Match -) AND phoenixcontact axl_f_bk_eth_xc_firmware (Range 1.11)

Vendor | Product | Version | CPE
phoenixcontact | axl_f_bk_pn | - | cpe:2.3:h:phoenixcontact:axl_f_bk_pn:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_pn_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eth | - | cpe:2.3:h:phoenixcontact:axl_f_bk_eth:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eth_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_eth_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eth_xc | - | cpe:2.3:h:phoenixcontact:axl_f_bk_eth_xc:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eth_xc_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_eth_xc_firmware:*:*:*:*:*:*:*:*
