Search criteria
1 vulnerability found for rad-80211-xd by phoenixcontact
VAR-201903-0226
Vulnerability from variot - Updated: 2024-11-23 22:21An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhoenixContactRAD-80211-XD/HP-BUS and PhoenixContactRAD-80211-XD are high-power WLAN radio transceivers from PhoenixContact, Germany. This vulnerability is caused by external input data constructing executable commands. The network system or product does not properly filter the special elements. The attacker can Use this vulnerability to execute an illegal command. Multiple Phoenix Contact Products are prone to an remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands on the server. Failed exploit attempts may cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rad-80211-xd\\/hp-bus",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "rad-80211-xd",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "rad-80211-xd",
"scope": null,
"trust": 0.8,
"vendor": "phoenix contact",
"version": null
},
{
"model": "rad-80211-xd/hp-bus",
"scope": null,
"trust": 0.8,
"vendor": "phoenix contact",
"version": null
},
{
"model": "contact rad-80211-xd hp-bus",
"scope": "eq",
"trust": 0.6,
"vendor": "phoenix",
"version": "/(2900047)"
},
{
"model": "contact rad-80211-xd",
"scope": "eq",
"trust": 0.6,
"vendor": "phoenix",
"version": "(2885728)"
},
{
"model": "contact rad-80211-xd/hp-bus-2900047",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "0"
},
{
"model": "contact rad-80211-xd-2885728",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rad 80211 xd hp bus",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rad 80211 xd",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "BID",
"id": "107596"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:phoenixcontact:rad-80211-xd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:rad-80211-xd%2fhp-bus_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp (RuppIT) working with Phoenix Contact and CERT@VDE reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-9743",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-08968",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-161178",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9743",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9743",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9743",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-08968",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1025",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-161178",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "VULHUB",
"id": "VHN-161178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
},
{
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhoenixContactRAD-80211-XD/HP-BUS and PhoenixContactRAD-80211-XD are high-power WLAN radio transceivers from PhoenixContact, Germany. This vulnerability is caused by external input data constructing executable commands. The network system or product does not properly filter the special elements. The attacker can Use this vulnerability to execute an illegal command. Multiple Phoenix Contact Products are prone to an remote command-injection vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary OS commands on the server. Failed exploit attempts may cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9743"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "BID",
"id": "107596"
},
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "VULHUB",
"id": "VHN-161178"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9743",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-085-02",
"trust": 2.3
},
{
"db": "BID",
"id": "107596",
"trust": 2.0
},
{
"db": "CERT@VDE",
"id": "VDE-2019-007",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-08968",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1011",
"trust": 0.6
},
{
"db": "IVD",
"id": "0280FCFF-D76C-4DA8-A60D-FEAB1C9821DB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-161178",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "VULHUB",
"id": "VHN-161178"
},
{
"db": "BID",
"id": "107596"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
},
{
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"id": "VAR-201903-0226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "VULHUB",
"id": "VHN-161178"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
}
]
},
"last_update_date": "2024-11-23T22:21:45.682000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VDE-2019-007",
"trust": 0.8,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-007"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/107596"
},
{
"trust": 1.7,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-007"
},
{
"trust": 1.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-085-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9743"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9743"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-085-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77902"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "VULHUB",
"id": "VHN-161178"
},
{
"db": "BID",
"id": "107596"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
},
{
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "VULHUB",
"id": "VHN-161178"
},
{
"db": "BID",
"id": "107596"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
},
{
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"date": "2019-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-161178"
},
{
"date": "2019-03-26T00:00:00",
"db": "BID",
"id": "107596"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"date": "2019-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1025"
},
{
"date": "2019-03-26T20:29:00.807000",
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"date": "2019-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-161178"
},
{
"date": "2019-03-26T00:00:00",
"db": "BID",
"id": "107596"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003224"
},
{
"date": "2019-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1025"
},
{
"date": "2024-11-21T04:52:13.133000",
"db": "NVD",
"id": "CVE-2019-9743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08968"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection",
"sources": [
{
"db": "IVD",
"id": "0280fcff-d76c-4da8-a60d-feab1c9821db"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1025"
}
],
"trust": 0.8
}
}