CVE-2019-10997

{"id": "CVE-2019-10997", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-06-17T18:15:10.703", "references": [{"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el Phoenix Contact AXC F 2152 (No.2404267) antes de 2019.0 LTS y AXC F 2152 STARTERKIT (No.1046568) antes de los dispositivos 2019.0 LTS. Fuzzing de protocolo en PC WORX Ingeniero de un hombre en el atacante central detiene el servicio de PLC. El dispositivo debe reiniciarse o el servicio de PLC debe reiniciarse manualmente a trav\u00e9s de un shell de Linux."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55E6AFB5-E010-46E0-9BB6-D373332705F4", "versionEndExcluding": "2019.0_lts"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "079A104B-2016-4830-80C1-3AB969106649"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_starterkit_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0540D667-F61E-4DEC-A83C-F20EF0CD882D", "versionEndExcluding": "2019.0_lts"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}