Lucene search

[email protected]NVD:CVE-2018-16994

HistoryFeb 18, 2020 - 11:15 p.m.

CVE-2018-16994

2020-02-1823:15:11

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.5%

JSON

An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

Affected configurations

Nvd

Node

phoenixcontactaxl_f_bk_pnMatch-

AND

phoenixcontactaxl_f_bk_pn_firmwareRange≤1.0.4

Node

phoenixcontactaxl_f_bk_ethMatch-

AND

phoenixcontactaxl_f_bk_eth_firmwareRange≤1.12

Node

phoenixcontactaxl_f_bk_eth_xcMatch-

AND

phoenixcontactaxl_f_bk_eth_xc_firmwareRange≤1.11

VendorProductVersionCPE
phoenixcontactaxl_f_bk_pn-cpe:2.3:h:phoenixcontact:axl_f_bk_pn:-:*:*:*:*:*:*:*
phoenixcontactaxl_f_bk_pn_firmware*cpe:2.3:o:phoenixcontact:axl_f_bk_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontactaxl_f_bk_eth-cpe:2.3:h:phoenixcontact:axl_f_bk_eth:-:*:*:*:*:*:*:*
phoenixcontactaxl_f_bk_eth_firmware*cpe:2.3:o:phoenixcontact:axl_f_bk_eth_firmware:*:*:*:*:*:*:*:*
phoenixcontactaxl_f_bk_eth_xc-cpe:2.3:h:phoenixcontact:axl_f_bk_eth_xc:-:*:*:*:*:*:*:*
phoenixcontactaxl_f_bk_eth_xc_firmware*cpe:2.3:o:phoenixcontact:axl_f_bk_eth_xc_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phoenixcontact	axl_f_bk_pn	-	cpe:2.3:h:phoenixcontact:axl_f_bk_pn:-:::::::*
phoenixcontact	axl_f_bk_pn_firmware	*	cpe:2.3:o:phoenixcontact:axl_f_bk_pn_firmware::::::::
phoenixcontact	axl_f_bk_eth	-	cpe:2.3:h:phoenixcontact:axl_f_bk_eth:-:::::::*
phoenixcontact	axl_f_bk_eth_firmware	*	cpe:2.3:o:phoenixcontact:axl_f_bk_eth_firmware::::::::
phoenixcontact	axl_f_bk_eth_xc	-	cpe:2.3:h:phoenixcontact:axl_f_bk_eth_xc:-:::::::*
phoenixcontact	axl_f_bk_eth_xc_firmware	*	cpe:2.3:o:phoenixcontact:axl_f_bk_eth_xc_firmware::::::::

References

psirt.bosch.com/security-advisories/bosch-sa-645125.html

www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advirory_CVE-2018-16994.pdf

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.5%

JSON

Related for NVD:CVE-2018-16994

prion1 cve1 cvelist1