Vulnerability-Lookup

GHSA-55QW-8GMW-8C9W

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35

Details

Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12524"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-02T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).",
  "id": "GHSA-55qw-8gmw-8c9w",
  "modified": "2022-05-24T17:35:06Z",
  "published": "2022-05-24T17:35:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12524"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-12524 (GCVE-0-2020-12524)

Vulnerability from cvelistv5 – Published: 2020-12-02 14:39 – Updated: 2024-09-17 03:58

Title

Phoenix Contact BTP Touch Panels uncontrolled resource consumption

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

CERTVDE

References

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2020-047

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Phoenix Contact	BTP Touch Panel	Affected: BTP 2043W (1050387) all versions Affected: BTP 2070W (1046666) all versions Affected: BTP 2102W (1046667) all versions

Date Public ?

2020-12-02 00:00

Credits

This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BTP Touch Panel",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "status": "affected",
              "version": "BTP 2043W (1050387) all versions"
            },
            {
              "status": "affected",
              "version": "BTP 2070W (1046666) all versions"
            },
            {
              "status": "affected",
              "version": "BTP 2102W (1046667) all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham."
        }
      ],
      "datePublic": "2020-12-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-02T14:39:20.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
        }
      ],
      "source": {
        "advisory": "vde-2020-047",
        "defect": [
          "vde-2020-047"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact BTP Touch Panels uncontrolled resource consumption",
      "workarounds": [
        {
          "lang": "en",
          "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on the recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-12-02T09:00:00.000Z",
          "ID": "CVE-2020-12524",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact BTP Touch Panels uncontrolled resource consumption"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BTP Touch Panel",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "BTP 2043W (1050387)",
                            "version_value": "all versions"
                          },
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "BTP 2070W (1046666)",
                            "version_value": "all versions"
                          },
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "BTP 2102W (1046667)",
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was discovered by Richard Thomas and Tom Chothia of University of Birmingham."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service)."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-047"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "vde-2020-047",
          "defect": [
            "vde-2020-047"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on the recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12524",
    "datePublished": "2020-12-02T14:39:20.197Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:58:57.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-55QW-8GMW-8C9W

CVE-2020-12524 (GCVE-0-2020-12524)

Tags

Sightings

Nomenclature