CVE-2020-12519 - Vulnerability Details - OpenCVE

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00152.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact	Axc F 1152 Axc F 2152 Axc F 2152 Starterkit Axc F 3152 Plcnext Firmware Plcnext Technology Starterkit Rfc 4072s

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-4821	On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

Fixes

Solution

Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities.

Workaround

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

References

Link	Providers
https://cert.vde.com/en-us/advisories/vde-2020-049

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2020-12-17T22:43:14.555150Z

Updated: 2024-09-17T01:21:36.619Z

Reserved: 2020-04-30T00:00:00

Link: CVE-2020-12519

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-17T23:15:13.060

Modified: 2024-11-21T04:59:51.313

Link: CVE-2020-12519

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "AXC F 1152 (1151412)", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2021.0 LTS", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "AXC F 2152 (2404267)", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2021.0 LTS", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "AXC F 3152 (1069208)", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2021.0 LTS", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "RFC 4072S (1051328", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2021.0 LTS", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "AXC F 2152 Starterkit (1046568)", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2021.0 LTS", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PLCnext Technology Starterkit (1188165)", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2021.0 LTS", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE"}], "datePublic": "2020-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-17T22:43:14", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"}], "solutions": [{"lang": "en", "value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities."}], "source": {"advisory": "VDE-2020-049", "defect": ["VDE-2020-049"], "discovery": "EXTERNAL"}, "title": "Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges.", "workarounds": [{"lang": "en", "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-12-17T09:00:00.000Z", "ID": "CVE-2020-12519", "STATE": "PUBLIC", "TITLE": "Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AXC F 1152 (1151412)", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "2021.0 LTS"}]}}, {"product_name": "AXC F 2152 (2404267)", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "2021.0 LTS"}]}}, {"product_name": "AXC F 3152 (1069208)", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "2021.0 LTS"}]}}, {"product_name": "RFC 4072S (1051328", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "2021.0 LTS"}]}}, {"product_name": "AXC F 2152 Starterkit (1046568)", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "2021.0 LTS"}]}}, {"product_name": "PLCnext Technology Starterkit (1188165)", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "2021.0 LTS"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2020-049", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"}]}, "solution": [{"lang": "en", "value": "Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities."}], "source": {"advisory": "VDE-2020-049", "defect": ["VDE-2020-049"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:52.098Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2020-12519", "datePublished": "2020-12-17T22:43:14.555150Z", "dateReserved": "2020-04-30T00:00:00", "dateUpdated": "2024-09-17T01:21:36.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8233F8C3-5D10-4FD6-B192-39535B7B464C", "versionEndExcluding": "2021.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8233F8C3-5D10-4FD6-B192-39535B7B464C", "versionEndExcluding": "2021.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8233F8C3-5D10-4FD6-B192-39535B7B464C", "versionEndExcluding": "2021.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*", "matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8233F8C3-5D10-4FD6-B192-39535B7B464C", "versionEndExcluding": "2021.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8233F8C3-5D10-4FD6-B192-39535B7B464C", "versionEndExcluding": "2021.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*", "matchCriteriaId": "079A104B-2016-4830-80C1-3AB969106649", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "8233F8C3-5D10-4FD6-B192-39535B7B464C", "versionEndExcluding": "2021.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BDD2FE-0D7C-4868-A5E4-B1004A5C217D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges."}, {"lang": "es", "value": "En Phoenix Contact PLCnext Control Devices versiones anteriores a 2021.0 LTS, un atacante puede utilizar esta vulnerabilidad, es decir, para abrir un shell inverso con privilegios root"}], "id": "CVE-2020-12519", "lastModified": "2024-11-21T04:59:51.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-17T23:15:13.060", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-049"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}