CVE-2019-10998

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 83.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenixcontact AXC F 2152 Firmware Phoenixcontact AXC F 2152 Starterkit Firmware

Timeline

PublishedJun 18

Latest updateMay 24

Description

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDphoenixcontact/axc_f_2152_starterkit_firmware< 2019.0_lts

▶NVDphoenixcontact/axc_f_2152_firmware< 2019.0_lts

🔴Vulnerability Details

GHSA

GHSA-ffv8-7626-q483: An issue was discovered on Phoenix Contact AXC F 2152 (No↗2022-05-24

▶

CVEList

CVE-2019-10998: An issue was discovered on Phoenix Contact AXC F 2152 (No↗2019-06-18

▶

💬Community

Bugzilla

CVE-2018-10998 exiv2: SIGABRT by triggering an incorrect Safe::add call↗2018-05-17

▶