ID
VAR-201804-0082
CVE
CVE-2016-8380
TITLE
Phoenix Contact ILC Security Bypass Vulnerability
Trust: 0.8
sources:
IVD: 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee //
CNVD: CNVD-2016-10997
DESCRIPTION
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for industrial PCs from the Phoenix Contact group in Germany. Phoenix Contact ILC PLC is prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks
Trust: 2.7
sources:
NVD: CVE-2016-8380 //
JVNDB: JVNDB-2016-009006 //
CNVD: CNVD-2016-10997 //
BID: 94163 //
IVD: 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee //
VULHUB: VHN-97200
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
sources:
IVD: 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee //
CNVD: CNVD-2016-10997
AFFECTED PRODUCTS
| vendor: | phoenixcontact | model: | ilc plcs | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | phoenix contact | model: | ilc programmable logic controller | scope: | - | version: | - | Trust: 0.8 |
| vendor: | phoenix | model: | contact ilc plc | scope: | - | version: | - | Trust: 0.6 |
| vendor: | phoenix | model: | contact ilc plc | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | ilc plcs | model: | - | scope: | eq | version: | - | Trust: 0.2 |
sources:
IVD: 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee //
CNVD: CNVD-2016-10997 //
BID: 94163 //
JVNDB: JVNDB-2016-009006 //
CNNVD: CNNVD-201611-315 //
NVD: CVE-2016-8380
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee //
CNVD: CNVD-2016-10997 //
VULHUB: VHN-97200 //
JVNDB: JVNDB-2016-009006 //
CNNVD: CNNVD-201611-315 //
NVD: CVE-2016-8380
PROBLEMTYPE DATA
| problemtype: | CWE-287 | Trust: 1.9 |
| problemtype: | CWE-767 | Trust: 1.0 |
sources:
VULHUB: VHN-97200 //
JVNDB: JVNDB-2016-009006 //
NVD: CVE-2016-8380
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201611-315
TYPE
authorization issue
Trust: 0.6
sources:
CNNVD: CNNVD-201611-315
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-009006
EXPLOIT AVAILABILITY
sources:
VULHUB: VHN-97200
PATCH
| title: | トップページ | url: | https://www.phoenixcontact.com/online/portal/jp?1dmy&urile=wcm%3apath%3a/jpja/web/home | Trust: 0.8 |
| title: | Phoenix Contact ILC Security Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/83812 | Trust: 0.6 |
| title: | Phoenix Contact ILC PLC Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65683 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-10997 //
JVNDB: JVNDB-2016-009006 //
CNNVD: CNNVD-201611-315
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-8380 | Trust: 3.6 |
| db: | BID | id: | 94163 | Trust: 2.6 |
| db: | EXPLOIT-DB | id: | 45590 | Trust: 1.1 |
| db: | CNNVD | id: | CNNVD-201611-315 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2016-10997 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2016-009006 | Trust: 0.8 |
| db: | IVD | id: | 98950ED2-7AEC-4D4D-BB48-4C87EDDBF7EE | Trust: 0.2 |
| db: | VULHUB | id: | VHN-97200 | Trust: 0.1 |
sources:
IVD: 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee //
CNVD: CNVD-2016-10997 //
VULHUB: VHN-97200 //
BID: 94163 //
JVNDB: JVNDB-2016-009006 //
CNNVD: CNNVD-201611-315 //
NVD: CVE-2016-8380
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-313-01 | Trust: 2.8 |
| url: | http://www.securityfocus.com/bid/94163 | Trust: 2.3 |
| url: | https://www.exploit-db.com/exploits/45590/ | Trust: 1.1 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8380 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2016-8380 | Trust: 0.8 |
| url: | https://www.phoenixcontact.com/online/portal/pc | Trust: 0.3 |
sources:
CNVD: CNVD-2016-10997 //
VULHUB: VHN-97200 //
BID: 94163 //
JVNDB: JVNDB-2016-009006 //
CNNVD: CNNVD-201611-315 //
NVD: CVE-2016-8380
CREDITS
Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg.
Trust: 0.9
sources:
BID: 94163 //
CNNVD: CNNVD-201611-315
SOURCES
| db: | IVD | id: | 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee |
| db: | CNVD | id: | CNVD-2016-10997 |
| db: | VULHUB | id: | VHN-97200 |
| db: | BID | id: | 94163 |
| db: | JVNDB | id: | JVNDB-2016-009006 |
| db: | CNNVD | id: | CNNVD-201611-315 |
| db: | NVD | id: | CVE-2016-8380 |
LAST UPDATE DATE
2024-11-23T22:17:36.558000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-10997 | date: | 2016-11-14T00:00:00 |
| db: | VULHUB | id: | VHN-97200 | date: | 2018-10-14T00:00:00 |
| db: | BID | id: | 94163 | date: | 2016-11-24T01:08:00 |
| db: | JVNDB | id: | JVNDB-2016-009006 | date: | 2018-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-315 | date: | 2018-12-04T00:00:00 |
| db: | NVD | id: | CVE-2016-8380 | date: | 2024-11-21T02:59:15.500 |
SOURCES RELEASE DATE
| db: | IVD | id: | 98950ed2-7aec-4d4d-bb48-4c87eddbf7ee | date: | 2016-11-14T00:00:00 |
| db: | CNVD | id: | CNVD-2016-10997 | date: | 2016-11-14T00:00:00 |
| db: | VULHUB | id: | VHN-97200 | date: | 2018-04-05T00:00:00 |
| db: | BID | id: | 94163 | date: | 2016-11-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-009006 | date: | 2018-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-315 | date: | 2016-11-16T00:00:00 |
| db: | NVD | id: | CVE-2016-8380 | date: | 2018-04-05T16:29:00.330 |