Lucene search
K

PHOENIX CONTACT PLCNext AXC F 2152 Improper Access Control (CVE-2019-10998)

🗓️ 04 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 15 Views

Phoenix Contact PLCNext AXC F 2152 has improper access control leading to authentication bypass risk.

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
Phoenix Contact PLCNext AXC F 2152 Authorization Issues Vulnerability
5 Jun 201900:00
cnvd
CVE
CVE-2019-10998
18 Jun 201912:10
cve
Cvelist
CVE-2019-10998
18 Jun 201912:10
cvelist
EUVD
EUVD-2019-2712
7 Oct 202500:30
euvd
ICS
PHOENIX CONTACT PLCNext AXC F 2152
4 Jun 201900:00
ics
NVD
CVE-2019-10998
18 Jun 201913:15
nvd
OSV
CVE-2019-10998
18 Jun 201913:15
osv
Prion
Authentication flaw
18 Jun 201913:15
prion
RedhatCVE
CVE-2019-10998
22 May 202505:31
redhatcve
Tenable Nessus
PHOENIX CONTACT PLCNext AXC F 2152 Improper Access Control (CVE-2019-10998)
25 Jan 202300:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502718);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/04");

  script_cve_id("CVE-2019-10998");
  script_xref(name:"ICSA", value:"19-155-01");

  script_name(english:"PHOENIX CONTACT PLCNext AXC F 2152 Improper Access Control (CVE-2019-10998)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267)
before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0
LTS devices. Unlimited physical access to the PLC may lead to a
manipulation of SD cards data. SD card manipulation may lead to an
authentication bypass opportunity.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b8aca257");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer
release 2019.0 LTS or later, and apply the following specific mitigations below:

- Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.
- Follow the advice concerning SD card usage in the manual “Art.-Nr. 107708: UM EN AXC F 2152 Installing, starting up,
and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf” that can be found on the product page below:
- https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-
itemdetail:pid=2404267&library=usen&pcck=P-21-14-01&tab=1&selectedCategory=ALL
- Use the notification manager to monitor SD card exchanges by the application program.
- Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.

Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable
firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to
the Phoenix Contact application note “Art.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable
devices with Ethernet connection against unauthorized access,” which can be found at the following link:

https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_0
1.pdf

For more information, CERT@VDE has released a security advisory available at the following link:

https://cert.vde.com/en-us/advisories/vde-2019-009");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10998");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_2152_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/PhoenixContact");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/PhoenixContact');

var asset = tenable_ot::assets::get(vendor:'PhoenixContact');

var vuln_cpes = {
    "cpe:/o:phoenixcontact:axc_f_2152_firmware" :
        {"versionStartIncluding" : "1.0", "versionEndExcluding" : "2.0", "family" : "AXC"},
    "cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware" :
        {"versionStartIncluding" : "1.0", "versionEndExcluding" : "2.0", "family" : "AXC"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Dec 2024 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 24.6
CVSS 36.8
EPSS0.00395
15