Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for smartrtu_axc_ig_firmware by phoenixcontact

    CVE-2023-1109 (GCVE-0-2023-1109)

    Vulnerability from nvd – Published: 2023-04-17 07:32 – Updated: 2025-02-05 21:19
    VLAI
    Title
    PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
    Summary
    In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT ENERGY AXC PU (1264327) Affected: V01.00.00.00 , ≤ V04.15.00.00 (custom)
    Create a notification for this product.
    PHOENIX CONTACT SMARTRTU AXC SG (1110435) Affected: V01.00.00.00 , ≤ V01.08.00.02 (custom)
    Create a notification for this product.
    PHOENIX CONTACT SMARTRTU AXC IG (1264328) Affected: V01.00.00.00 , ≤ V01.02.00.01 (custom)
    Create a notification for this product.
    PHOENIX CONTACT Infobox (1169323 ) Affected: V01.00.00.00 , ≤ V02.02.00.00 (custom)
    Create a notification for this product.
    Date Public
    2023-04-11 08:00
    Credits
    Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T21:19:48.861651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T21:19:53.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY AXC PU (1264327)",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V04.15.00.00",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SMARTRTU AXC SG (1110435)",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V01.08.00.02",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SMARTRTU AXC IG (1264328)",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V01.02.00.01",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Infobox (1169323 )",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V02.02.00.00",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH"
            }
          ],
          "datePublic": "2023-04-11T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
                }
              ],
              "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T07:32:24.262Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-003",
            "defect": [
              "CERT@VDE#64407"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1109",
        "datePublished": "2023-04-17T07:32:24.262Z",
        "dateReserved": "2023-03-01T05:58:56.947Z",
        "dateUpdated": "2025-02-05T21:19:53.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1109 (GCVE-0-2023-1109)

    Vulnerability from cvelistv5 – Published: 2023-04-17 07:32 – Updated: 2025-02-05 21:19
    VLAI
    Title
    PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
    Summary
    In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT ENERGY AXC PU (1264327) Affected: V01.00.00.00 , ≤ V04.15.00.00 (custom)
    Create a notification for this product.
    PHOENIX CONTACT SMARTRTU AXC SG (1110435) Affected: V01.00.00.00 , ≤ V01.08.00.02 (custom)
    Create a notification for this product.
    PHOENIX CONTACT SMARTRTU AXC IG (1264328) Affected: V01.00.00.00 , ≤ V01.02.00.01 (custom)
    Create a notification for this product.
    PHOENIX CONTACT Infobox (1169323 ) Affected: V01.00.00.00 , ≤ V02.02.00.00 (custom)
    Create a notification for this product.
    Date Public
    2023-04-11 08:00
    Credits
    Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T21:19:48.861651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T21:19:53.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY AXC PU (1264327)",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V04.15.00.00",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SMARTRTU AXC SG (1110435)",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V01.08.00.02",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SMARTRTU AXC IG (1264328)",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V01.02.00.01",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Infobox (1169323 )",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "V02.02.00.00",
                  "status": "affected",
                  "version": "V01.00.00.00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH"
            }
          ],
          "datePublic": "2023-04-11T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
                }
              ],
              "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T07:32:24.262Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-003",
            "defect": [
              "CERT@VDE#64407"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1109",
        "datePublished": "2023-04-17T07:32:24.262Z",
        "dateReserved": "2023-03-01T05:58:56.947Z",
        "dateUpdated": "2025-02-05T21:19:53.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }