Phoenix Contact Emalytics Controller ILC 2050 BI are developed and designed for the use in protected building automation networks.
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.



If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission.

Subnet 2---(Ports belonging to subnet 2)
|
FL NAT 2xxx
|
(Ports belonging to subnet 1, port sec ON)---- 2nd device
|
-- unauthorized device

The unauthorized device can access other devices in subnet 2 but cannot access the 2nd device in subnet 1



Manipulated PC Worx or Config+ projects could lead to a remote code execution due to
insufficient input data validation.
The attacker needs to get access to an original PC Worx or Config+ project to be able to
manipulate data inside the project folder. After manipulation the attacker needs to exchange the
original files by the manipulated ones on the application programming workstation.



A manipulated PC Worx or Config+ project file could lead to a remote code execution.
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.



A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.



After login the source IP is used as the session identifier, so that users sharing the same source IP are able to gain full authenticated access to the WEB-UI.

The access attempt will only be successful if the former authorized session has not been terminated by the authorized user or by session timeout.



Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18



Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0