CVE-2018-16994 Information

Description

An issue was discovered on PHOENIX CONTACT AXL F BK PN =1.0.4 AXL F BK ETH = 1.12 and AXL F BK ETH XC = 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://psirt.bosch.com/security-advisories/bosch-sa-645125.html https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advirory_CVE-2018-16994.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5