CVE-2019-9201

Published: Feb 26, 2019Modified: Jun 2, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

Affected (8)

Products: Phoenixcontact: Ilc 131 Eth Firmware, Ilc 131 Eth/xc Firmware, Ilc 151 Eth Firmware, Ilc 151 Eth/xc Firmware, Ilc 171 Eth 2tx Firmware, Ilc 191 Eth 2tx Firmware, Ilc 191 Me/an Firmware, Axc 1050 Firmware

Phoenixcontact

8 products

Ilc 131 Eth Firmware

Ilc 131 Eth/xc Firmware

Ilc 151 Eth Firmware

Ilc 151 Eth/xc Firmware

Ilc 171 Eth 2tx Firmware

Ilc 191 Eth 2tx Firmware

Ilc 191 Me/an Firmware

Axc 1050 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 131 Eth Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 131 Eth	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 131 Eth/xc Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 131 Eth/xc	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 151 Eth Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 151 Eth	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 151 Eth/xc Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 151 Eth/xc	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 171 Eth 2tx Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 171 Eth 2tx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 191 Eth 2tx Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 191 Eth 2tx	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Ilc 191 Me/an Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Ilc 191 Me/an	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axc 1050 Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Axc 1050	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://cert.vde.com/en/advisories/VDE-2019-015/

Source: cve@mitre.org

Third Party Advisory

https://medium.com/%40SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561

Source: cve@mitre.org

Exploit

https://cert.vde.com/en/advisories/VDE-2019-015/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://medium.com/%40SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.