CNNVD-202507-874 Information
Jul 08, 2025
cve
CNNVD ID
CNNVD-202507-874
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
PHOENIX CONTACT AXC F 1152等都是德国菲尼克斯电气(PHOENIX CONTACT)公司的一款控制器设备。 PHOENIX CONTACT多款产品存在后置链接漏洞,该漏洞源于低权限远程攻击者可通过替换arp-preinit脚本使用的关键文件,获得对设备上任意文件的读写和执行权限。
Description (English)
PHOENIX CONTACT AXC F 1152 and others are all control equipment of PHOENIX CONTACT, Germany. PHOENIX CONTATT has a backlink loophole, which stems from the fact that low-authority remote assailants can obtain permission to read, write and execute any document on the device by replacing key documents used in the arp-preinit script.
Hazard Level
Medium
Vulnerability Type
后置链接
Affected Vendor
Phoenix Site
Published
2025-07-08
Last Modified
2026-02-24
References
https://certvde.com/en/advisories/VDE-2025-054
Patch
https://www.phoenixcontact.com/en-us/
Share on: