9.8
CVE-2019-9201
- EPSS 2.01%
- Veröffentlicht 26.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:11
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenixcontact ≫ Ilc 131 Eth Firmware Version-
Phoenixcontact ≫ Ilc 131 Eth/xc Firmware Version-
Phoenixcontact ≫ Ilc 151 Eth Firmware Version-
Phoenixcontact ≫ Ilc 151 Eth/xc Firmware Version-
Phoenixcontact ≫ Ilc 171 Eth 2tx Firmware Version-
Phoenixcontact ≫ Ilc 191 Eth 2tx Firmware Version-
Phoenixcontact ≫ Ilc 191 Me/an Firmware Version-
Phoenixcontact ≫ Axc 1050 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.01% | 0.829 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 10 | 8.5 |
AV:N/AC:L/Au:N/C:P/I:P/A:C
|
| cve@mitre.org | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.