CVE-2018-16994
First published: Tue Feb 18 2020(Updated: )
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Axl F Bk Pn Firmware | <=1.0.4 | |
| Phoenixcontact Axl F Bk Pn | ||
| Phoenixcontact Axl F Bk Eth Firmware | <=1.12 | |
| Phoenixcontact Axl F Bk Eth | ||
| Phoenixcontact Axl F Bk Eth Xc Firmware | <=1.11 | |
| Phoenixcontact Axl F Bk Eth Xc |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16994?
The severity of CVE-2018-16994 is high with a CVSS score of 7.5.
Which devices are affected by CVE-2018-16994?
PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices are affected by CVE-2018-16994.
What is the vulnerable software version for PHOENIX CONTACT AXL F BK PN?
The vulnerable software version for PHOENIX CONTACT AXL F BK PN is up to and including 1.0.4.
What is the vulnerable software version for PHOENIX CONTACT AXL F BK ETH?
The vulnerable software version for PHOENIX CONTACT AXL F BK ETH is up to and including 1.12.
What is the vulnerable software version for PHOENIX CONTACT AXL F BK ETH XC?
The vulnerable software version for PHOENIX CONTACT AXL F BK ETH XC is up to and including 1.11.
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/phoenixcontact
- canonical/phoenixcontact axl f bk pn firmware
- version/phoenixcontact axl f bk pn firmware/1.0.4
- canonical/phoenixcontact axl f bk pn
- canonical/phoenixcontact axl f bk eth firmware
- version/phoenixcontact axl f bk eth firmware/1.12
- canonical/phoenixcontact axl f bk eth
- canonical/phoenixcontact axl f bk eth xc firmware
- version/phoenixcontact axl f bk eth xc firmware/1.11
- canonical/phoenixcontact axl f bk eth xc