CVE-2022-31800 - Vulnerability Details

CVE-2022-31800 - Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01982.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact Subscribe	Axc 1050 Subscribe Axc 1050 Firmware Subscribe Axc 1050 Xc Subscribe Axc 1050 Xc Firmware Subscribe Axc 3050 Subscribe Axc 3050 Firmware Subscribe Fc 350 Pci Eth Subscribe Fc 350 Pci Eth Firmware Subscribe Ilc1x0 Subscribe Ilc1x0 Firmware Subscribe Ilc1x1 Subscribe Ilc1x1 Firmware Subscribe Ilc 1x1 Gsm\/gprs Subscribe Ilc 1x1 Gsm\/gprs Firmware Subscribe Ilc 3xx Subscribe Ilc 3xx Firmware Subscribe Pc Worx Rt Basic Subscribe Pc Worx Rt Basic Firmware Subscribe Pc Worx Srt Subscribe Pc Worx Srt Firmware Subscribe Rfc 430 Eth-ib Subscribe Rfc 430 Eth-ib Firmware Subscribe Rfc 450 Eth-ib Subscribe Rfc 450 Eth-ib Firmware Subscribe Rfc 460r Pn 3tx Subscribe Rfc 460r Pn 3tx-s Subscribe Rfc 460r Pn 3tx-s Firmware Subscribe Rfc 460r Pn 3tx Firmware Subscribe Rfc 470 Pn 3tx Subscribe Rfc 470 Pn 3tx Firmware Subscribe Rfc 470s Pn 3tx Subscribe Rfc 470s Pn 3tx Firmware Subscribe Rfc 480s Pn 4tx Subscribe Rfc 480s Pn 4tx Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:axc_1050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_1050:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:axc_1050_xc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_1050_xc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:phoenixcontact:axc_3050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_3050:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:phoenixcontact:fc_350_pci_eth_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fc_350_pci_eth:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:phoenixcontact:ilc1x0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc1x0:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:phoenixcontact:ilc1x1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc1x1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:phoenixcontact:ilc_1x1_gsm\/gprs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc_1x1_gsm\/gprs:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:phoenixcontact:ilc_3xx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc_3xx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:phoenixcontact:pc_worx_rt_basic_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:pc_worx_rt_basic:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:phoenixcontact:pc_worx_srt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:pc_worx_srt:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_430_eth-ib_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_430_eth-ib:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_450_eth-ib_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_450_eth-ib:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_460r_pn_3tx:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_460r_pn_3tx-s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_470_pn_3tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_470_pn_3tx:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_470s_pn_3tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_470s_pn_3tx:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_480s_pn_4tx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_480s_pn_4tx:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-53189	An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-025/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-06-21T08:00:19.264808Z

Updated: 2024-09-16T16:54:13.463Z

Reserved: 2022-05-30T00:00:00

Link: CVE-2022-31800

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-21T08:15:07.510

Modified: 2024-11-21T07:05:21.370

Link: CVE-2022-31800

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-345

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object