First published: Tue Jun 18 2019
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to manipulation of SD card data. SD card manipulation may lead to an authentication bypass opportunity.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Axc F 2152 Firmware | <2019.0_lts | |
Phoenixcontact Axc F 2152 | | |
Phoenixcontact Axc F 2152 Starterkit Firmware | <2019.0_lts | |
Phoenixcontact Axc F 2152 Starterkit | | |
The vulnerability ID is CVE-2019-10998.
The severity of CVE-2019-10998 is medium.
The affected software for CVE-2019-10998 includes Phoenix Contact AXC F 2152 firmware before 2019.0 LTS and AXC F 2152 Starterkit firmware before 2019.0 LTS.
With unlimited physical access to the PLC, an attacker may manipulate SD card data, which may lead to an authentication bypass opportunity.
Phoenix Contact provides a security advisory document for this issue: [https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf](https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf)