Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for btp_2070w_firmware by phoenixcontact

    CVE-2020-12524 (GCVE-0-2020-12524)

    Vulnerability from nvd – Published: 2020-12-02 14:39 – Updated: 2024-09-17 03:58
    VLAI
    Title
    Phoenix Contact BTP Touch Panels uncontrolled resource consumption
    Summary
    Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Phoenix Contact BTP Touch Panel Affected: BTP 2043W (1050387) all versions
    Affected: BTP 2070W (1046666) all versions
    Affected: BTP 2102W (1046667) all versions
    Create a notification for this product.
    Date Public
    2020-12-02 00:00
    Credits
    This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:56:52.092Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BTP Touch Panel",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "status": "affected",
                  "version": "BTP 2043W (1050387) all versions"
                },
                {
                  "status": "affected",
                  "version": "BTP 2070W (1046666) all versions"
                },
                {
                  "status": "affected",
                  "version": "BTP 2102W (1046667) all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham."
            }
          ],
          "datePublic": "2020-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-02T14:39:20.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
            }
          ],
          "source": {
            "advisory": "vde-2020-047",
            "defect": [
              "vde-2020-047"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Phoenix Contact BTP Touch Panels uncontrolled resource consumption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on the recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2020-12-02T09:00:00.000Z",
              "ID": "CVE-2020-12524",
              "STATE": "PUBLIC",
              "TITLE": "Phoenix Contact BTP Touch Panels uncontrolled resource consumption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BTP Touch Panel",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "BTP 2043W (1050387)",
                                "version_value": "all versions"
                              },
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "BTP 2070W (1046666)",
                                "version_value": "all versions"
                              },
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "BTP 2102W (1046667)",
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Phoenix Contact"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service)."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en-us/advisories/vde-2020-047",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "vde-2020-047",
              "defect": [
                "vde-2020-047"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on the recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2020-12524",
        "datePublished": "2020-12-02T14:39:20.197Z",
        "dateReserved": "2020-04-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:58:57.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12524 (GCVE-0-2020-12524)

    Vulnerability from cvelistv5 – Published: 2020-12-02 14:39 – Updated: 2024-09-17 03:58
    VLAI
    Title
    Phoenix Contact BTP Touch Panels uncontrolled resource consumption
    Summary
    Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Phoenix Contact BTP Touch Panel Affected: BTP 2043W (1050387) all versions
    Affected: BTP 2070W (1046666) all versions
    Affected: BTP 2102W (1046667) all versions
    Create a notification for this product.
    Date Public
    2020-12-02 00:00
    Credits
    This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:56:52.092Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BTP Touch Panel",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "status": "affected",
                  "version": "BTP 2043W (1050387) all versions"
                },
                {
                  "status": "affected",
                  "version": "BTP 2070W (1046666) all versions"
                },
                {
                  "status": "affected",
                  "version": "BTP 2102W (1046667) all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham."
            }
          ],
          "datePublic": "2020-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-02T14:39:20.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
            }
          ],
          "source": {
            "advisory": "vde-2020-047",
            "defect": [
              "vde-2020-047"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Phoenix Contact BTP Touch Panels uncontrolled resource consumption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on the recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2020-12-02T09:00:00.000Z",
              "ID": "CVE-2020-12524",
              "STATE": "PUBLIC",
              "TITLE": "Phoenix Contact BTP Touch Panels uncontrolled resource consumption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BTP Touch Panel",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "BTP 2043W (1050387)",
                                "version_value": "all versions"
                              },
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "BTP 2070W (1046666)",
                                "version_value": "all versions"
                              },
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "BTP 2102W (1046667)",
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Phoenix Contact"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service)."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en-us/advisories/vde-2020-047",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "vde-2020-047",
              "defect": [
                "vde-2020-047"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on the recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2020-12524",
        "datePublished": "2020-12-02T14:39:20.197Z",
        "dateReserved": "2020-04-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:58:57.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }