Lucene search
K

PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)

🗓️ 04 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

PHOENIX CONTACT PLCNext AXC F 2152 is vulnerable due to an accessible channel, requires firmware update.

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2019-10997
17 Jun 201917:59
cve
Cvelist
CVE-2019-10997
17 Jun 201917:59
cvelist
EUVD
EUVD-2019-2711
7 Oct 202500:30
euvd
ICS
PHOENIX CONTACT PLCNext AXC F 2152
4 Jun 201900:00
ics
NVD
CVE-2019-10997
17 Jun 201918:15
nvd
OSV
CVE-2019-10997
17 Jun 201918:15
osv
Prion
Code injection
17 Jun 201918:15
prion
RedhatCVE
CVE-2019-10997
22 May 202504:22
redhatcve
Tenable Nessus
PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)
25 Jan 202300:00
nessus
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502757);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/19");

  script_cve_id("CVE-2019-10997");
  script_xref(name:"ICSA", value:"19-155-01");

  script_name(english:"PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267)
before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0
LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the
middle attacker stops the PLC service. The device must be rebooted, or
the PLC service must be restarted manually via a Linux shell.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b8aca257");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer
release 2019.0 LTS or later, and apply the following specific mitigations below:

- Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.
- Follow the advice concerning SD card usage in the manual “Art.-Nr. 107708: UM EN AXC F 2152 Installing, starting up,
and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf” that can be found on the product page below:
- https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-
itemdetail:pid=2404267&library=usen&pcck=P-21-14-01&tab=1&selectedCategory=ALL
- Use the notification manager to monitor SD card exchanges by the application program.
- Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.

Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable
firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to
the Phoenix Contact application note “Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable
devices with Ethernet connection against unauthorized access,” which can be found at the following link:

https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_0
1.pdf

For more information, CERT@VDE has released a security advisory available at the following link:

https://cert.vde.com/en-us/advisories/vde-2019-009");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10997");
  script_set_attribute(attribute:"cvss3_score_rationale", value:"Scoring adjustsed to align with CVSS 3.1 attack complexity guidance.");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_2152_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/PhoenixContact");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/PhoenixContact');

var asset = tenable_ot::assets::get(vendor:'PhoenixContact');

# NVD is incorrect here, check the advisory for version 1.x.
var vuln_cpes = {
    "cpe:/o:phoenixcontact:axc_f_2152_firmware" :
        {"versionStartIncluding" : "1.0", "versionEndExcluding" : "2.0", "family" : "AXC"},
    "cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware" :
        {"versionStartIncluding" : "1.0", "versionEndExcluding" : "2.0", "family" : "AXC"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Feb 2025 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 35.9
CVSS 27.1
EPSS0.01002
9