Search
Find a vulnerability
Search criteria
2 vulnerabilities found for smartrtu_axc_sg_firmware by phoenixcontact
CVE-2023-1109 (GCVE-0-2023-1109)
Vulnerability from nvd – Published: 2023-04-17 07:32 – Updated: 2025-02-05 21:19
VLAI
EPSS
VEX
Title
PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
Summary
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | ENERGY AXC PU (1264327) |
Affected:
V01.00.00.00 , ≤ V04.15.00.00
(custom)
|
|
| PHOENIX CONTACT | SMARTRTU AXC SG (1110435) |
Affected:
V01.00.00.00 , ≤ V01.08.00.02
(custom)
|
|
| PHOENIX CONTACT | SMARTRTU AXC IG (1264328) |
Affected:
V01.00.00.00 , ≤ V01.02.00.01
(custom)
|
|
| PHOENIX CONTACT | Infobox (1169323 ) |
Affected:
V01.00.00.00 , ≤ V02.02.00.00
(custom)
|
Date Public
2023-04-11 08:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:19:48.861651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:19:53.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ENERGY AXC PU (1264327)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V04.15.00.00",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMARTRTU AXC SG (1110435)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V01.08.00.02",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMARTRTU AXC IG (1264328)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V01.02.00.01",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Infobox (1169323 )",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V02.02.00.00",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH"
}
],
"datePublic": "2023-04-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
}
],
"value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T07:32:24.262Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
}
],
"source": {
"advisory": "VDE-2023-003",
"defect": [
"CERT@VDE#64407"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1109",
"datePublished": "2023-04-17T07:32:24.262Z",
"dateReserved": "2023-03-01T05:58:56.947Z",
"dateUpdated": "2025-02-05T21:19:53.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1109 (GCVE-0-2023-1109)
Vulnerability from cvelistv5 – Published: 2023-04-17 07:32 – Updated: 2025-02-05 21:19
VLAI
EPSS
VEX
Title
PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
Summary
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | ENERGY AXC PU (1264327) |
Affected:
V01.00.00.00 , ≤ V04.15.00.00
(custom)
|
|
| PHOENIX CONTACT | SMARTRTU AXC SG (1110435) |
Affected:
V01.00.00.00 , ≤ V01.08.00.02
(custom)
|
|
| PHOENIX CONTACT | SMARTRTU AXC IG (1264328) |
Affected:
V01.00.00.00 , ≤ V01.02.00.01
(custom)
|
|
| PHOENIX CONTACT | Infobox (1169323 ) |
Affected:
V01.00.00.00 , ≤ V02.02.00.00
(custom)
|
Date Public
2023-04-11 08:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:19:48.861651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:19:53.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ENERGY AXC PU (1264327)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V04.15.00.00",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMARTRTU AXC SG (1110435)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V01.08.00.02",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMARTRTU AXC IG (1264328)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V01.02.00.01",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Infobox (1169323 )",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "V02.02.00.00",
"status": "affected",
"version": "V01.00.00.00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH"
}
],
"datePublic": "2023-04-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
}
],
"value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T07:32:24.262Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-003/"
}
],
"source": {
"advisory": "VDE-2023-003",
"defect": [
"CERT@VDE#64407"
],
"discovery": "EXTERNAL"
},
"title": "PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1109",
"datePublished": "2023-04-17T07:32:24.262Z",
"dateReserved": "2023-03-01T05:58:56.947Z",
"dateUpdated": "2025-02-05T21:19:53.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}