CNNVD-202507-873 Information

CNNVD ID

CNNVD-202507-873

CVE-2025-41668

  • CNNVD Published: 2025-07-08

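Description (translated from Chinese)

PHOENIX CONTACT AXC F 1152 and related products are controller devices from PHOENIX CONTACT, a German company. Multiple PHOENIX CONTACT products contain a link following vulnerability: a low-privileged remote attacker can gain read, write and execute access to arbitrary files on the device by replacing critical files or folders used by the service security-profile.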

Description (English)

PHOENIX CONTACT AXC F 1152 and others are controller devices from PHOENIX CONTACT, Germany. Multiple PHOENIX CONTACT products have a link following vulnerability: a low-privileged remote attacker can obtain read, write and execute access to any file on the device by replacing critical files or folders used by the service security-profile.

Hazard Level

Medium

Vulnerability Type

Link following

Affected Vendor

PHOENIX CONTACT

Published

2025-07-08

Last Modified

2026-02-24

References

https://certvde.com/en/advisories/VDE-2025-054

Patch

https://www.phoenixcontact.com/en-us/
