First published: Tue Feb 18 2020
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Axl F Bk Pn Firmware | <=1.0.4 | |
Phoenixcontact Axl F Bk Pn | | |
Phoenixcontact Axl F Bk Eth Firmware | <=1.12 | |
Phoenixcontact Axl F Bk Eth | | |
Phoenixcontact Axl F Bk Eth Xc Firmware | <=1.11 | |
Phoenixcontact Axl F Bk Eth Xc | | |
The severity of CVE-2018-16994 is high with a CVSS score of 7.5.
PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices are affected by CVE-2018-16994.
The vulnerable software version for PHOENIX CONTACT AXL F BK PN is up to and including 1.0.4.
The vulnerable software version for PHOENIX CONTACT AXL F BK ETH is up to and including 1.12.
The vulnerable software version for PHOENIX CONTACT AXL F BK ETH XC is up to and including 1.11.