Lucene search

[email protected]CVE-2020-9436

HistoryMar 12, 2020 - 2:15 p.m.

CVE-2020-9436

2020-03-1214:15:00

CWE-78

[email protected]

web.nvd.nist.gov

cve

2020

9436

phoenix contact

tc router

tc cloud client

security

vulnerability

command injection

authenticated users

post request

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.132 Low

EPSS

Percentile

95.5%

JSON

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.

CPENameOperatorVersion
phoenixcontact:tc_router_3002t-4g_firmwarephoenixcontact tc router 3002t-4g firmwarele2.05.3
phoenixcontact:tc_router_2002t-3g_firmwarephoenixcontact tc router 2002t-3g firmwarele2.05.3
phoenixcontact:tc_router_3002t-4g_vzw_firmwarephoenixcontact tc router 3002t-4g vzw firmwarele2.05.3
phoenixcontact:tc_router_3002t-4g_att_firmwarephoenixcontact tc router 3002t-4g att firmwarele2.05.3
phoenixcontact:tc_cloud_client_1002-4g_firmwarephoenixcontact tc cloud client 1002-4g firmwarele2.03.17
phoenixcontact:tc_cloud_client_1002-txtx_firmwarephoenixcontact tc cloud client 1002-txtx firmwarele1.03.17

CPE	Name	Operator	Version
phoenixcontact:tc_router_3002t-4g_firmware	phoenixcontact tc router 3002t-4g firmware	le	2.05.3
phoenixcontact:tc_router_2002t-3g_firmware	phoenixcontact tc router 2002t-3g firmware	le	2.05.3
phoenixcontact:tc_router_3002t-4g_vzw_firmware	phoenixcontact tc router 3002t-4g vzw firmware	le	2.05.3
phoenixcontact:tc_router_3002t-4g_att_firmware	phoenixcontact tc router 3002t-4g att firmware	le	2.05.3
phoenixcontact:tc_cloud_client_1002-4g_firmware	phoenixcontact tc cloud client 1002-4g firmware	le	2.03.17
phoenixcontact:tc_cloud_client_1002-txtx_firmware	phoenixcontact tc cloud client 1002-txtx firmware	le	1.03.17

References

packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html

seclists.org/fulldisclosure/2020/Mar/15

cert.vde.com/en-us/advisories/

cert.vde.com/en-us/advisories/vde-2020-003

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.132 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2020-9436

checkpoint_advisories1 prion1 zdt1 packetstorm1