CVE-2019-9201
Last modified
CVE-2019-9201 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.. EPSS estimates a 3.08% chance of exploitation in the next 30 days.
Description
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Ilc 131 Eth Firmware | All versions |
| Phoenixcontact | Ilc 131 Eth\/Xc Firmware | All versions |
| Phoenixcontact | Ilc 151 Eth Firmware | All versions |
| Phoenixcontact | Ilc 151 Eth\/Xc Firmware | All versions |
| Phoenixcontact | Ilc 171 Eth 2tx Firmware | All versions |
| Phoenixcontact | Ilc 191 Eth 2tx Firmware | All versions |
| Phoenixcontact | Ilc 191 Me\/An Firmware | All versions |
| Phoenixcontact | Axc 1050 Firmware | All versions |
References
- https://cert.vde.com/en/advisories/VDE-2019-015/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2019-015/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9201?
How severe is CVE-2019-9201?
How do I fix CVE-2019-9201?
Are you affected by CVE-2019-9201?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST