Sign-up

ID

VAR-201903-0226


CVE

CVE-2019-9743


TITLE

Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-08968 // CNNVD: CNNVD-201903-1025

DESCRIPTION

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhoenixContactRAD-80211-XD/HP-BUS and PhoenixContactRAD-80211-XD are high-power WLAN radio transceivers from PhoenixContact, Germany. This vulnerability is caused by external input data constructing executable commands. The network system or product does not properly filter the special elements. The attacker can Use this vulnerability to execute an illegal command. Multiple Phoenix Contact Products are prone to an remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands on the server. Failed exploit attempts may cause a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2019-9743 // JVNDB: JVNDB-2019-003224 // CNVD: CNVD-2019-08968 // BID: 107596 // IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db // VULHUB: VHN-161178

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db // CNVD: CNVD-2019-08968

AFFECTED PRODUCTS

vendor:phoenixcontactmodel:rad-80211-xd\/hp-busscope:eqversion: -

Trust: 1.0

vendor:phoenixcontactmodel:rad-80211-xdscope:eqversion: -

Trust: 1.0

vendor:phoenix contactmodel:rad-80211-xdscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:rad-80211-xd/hp-busscope: - version: -

Trust: 0.8

vendor:phoenixmodel:contact rad-80211-xd hp-busscope:eqversion:/(2900047)

Trust: 0.6

vendor:phoenixmodel:contact rad-80211-xdscope:eqversion:(2885728)

Trust: 0.6

vendor:phoenixmodel:contact rad-80211-xd/hp-bus-2900047scope:eqversion:0

Trust: 0.3

vendor:phoenixmodel:contact rad-80211-xd-2885728scope:eqversion:0

Trust: 0.3

vendor:rad 80211 xd hp busmodel: - scope:eqversion: -

Trust: 0.2

vendor:rad 80211 xdmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db // CNVD: CNVD-2019-08968 // BID: 107596 // JVNDB: JVNDB-2019-003224 // NVD: CVE-2019-9743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9743
value: HIGH

Trust: 1.0

NVD: CVE-2019-9743
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-08968
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-1025
value: HIGH

Trust: 0.6

IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db
value: HIGH

Trust: 0.2

VULHUB: VHN-161178
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9743
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-08968
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-161178
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9743
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db // CNVD: CNVD-2019-08968 // VULHUB: VHN-161178 // JVNDB: JVNDB-2019-003224 // CNNVD: CNNVD-201903-1025 // NVD: CVE-2019-9743

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-161178 // JVNDB: JVNDB-2019-003224 // NVD: CVE-2019-9743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1025

TYPE

Command injection

Trust: 0.8

sources: IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db // CNNVD: CNNVD-201903-1025

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003224

PATCH
title:VDE-2019-007url:https://cert.vde.com/de-de/advisories/vde-2019-007
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003224

EXTERNAL IDS
db:NVDid:CVE-2019-9743
Trust: 3.6
db:ICS CERTid:ICSA-19-085-02
Trust: 2.3
db:BIDid:107596
Trust: 2.0
db:CERT@VDEid:VDE-2019-007
Trust: 1.7
db:CNNVDid:CNNVD-201903-1025
Trust: 0.9
db:CNVDid:CNVD-2019-08968
Trust: 0.8
db:JVNDBid:JVNDB-2019-003224
Trust: 0.8
db:AUSCERTid:ESB-2019.1011
Trust: 0.6
db:IVDid:0280FCFF-D76C-4DA8-A60D-FEAB1C9821DB
Trust: 0.2
db:VULHUBid:VHN-161178
Trust: 0.1
sources:
            
            
            IVD: 0280fcff-d76c-4da8-a60d-feab1c9821db // 
            
            
            
            CNVD: CNVD-2019-08968 // 
            
            
            
            VULHUB: VHN-161178 // 
            
            
            
            BID: 107596 // 
            
            
            
            JVNDB: JVNDB-2019-003224 // 
            
            
            
            CNNVD: CNNVD-201903-1025 // 
            
            
            
            NVD: CVE-2019-9743

REFERENCES
url:http://www.securityfocus.com/bid/107596
Trust: 1.7
url:https://cert.vde.com/de-de/advisories/vde-2019-007
Trust: 1.7
url:https://ics-cert.us-cert.gov/advisories/icsa-19-085-02
Trust: 1.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-9743
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9743
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-19-085-02
Trust: 0.8
url:https://www.auscert.org.au/bulletins/77902
Trust: 0.6
url:https://www.phoenixcontact.com/online/portal/pc
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2019-08968 // 
            
            
            
            VULHUB: VHN-161178 // 
            
            
            
            BID: 107596 // 
            
            
            
            JVNDB: JVNDB-2019-003224 // 
            
            
            
            CNNVD: CNNVD-201903-1025 // 
            
            
            
            NVD: CVE-2019-9743

CREDITS
Maxim Rupp (RuppIT) working with Phoenix Contact and CERT@VDE reported this vulnerability to NCCIC.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-1025

SOURCES
db:IVDid:0280fcff-d76c-4da8-a60d-feab1c9821db
db:CNVDid:CNVD-2019-08968
db:VULHUBid:VHN-161178
db:BIDid:107596
db:JVNDBid:JVNDB-2019-003224
db:CNNVDid:CNNVD-201903-1025
db:NVDid:CVE-2019-9743

LAST UPDATE DATE
2024-11-23T22:21:45.682000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-08968date:2019-04-03T00:00:00
db:VULHUBid:VHN-161178date:2019-04-05T00:00:00
db:BIDid:107596date:2019-03-26T00:00:00
db:JVNDBid:JVNDB-2019-003224date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201903-1025date:2019-04-08T00:00:00
db:NVDid:CVE-2019-9743date:2024-11-21T04:52:13.133

SOURCES RELEASE DATE
db:IVDid:0280fcff-d76c-4da8-a60d-feab1c9821dbdate:2019-04-03T00:00:00
db:CNVDid:CNVD-2019-08968date:2019-04-03T00:00:00
db:VULHUBid:VHN-161178date:2019-03-26T00:00:00
db:BIDid:107596date:2019-03-26T00:00:00
db:JVNDBid:JVNDB-2019-003224date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201903-1025date:2019-03-26T00:00:00
db:NVDid:CVE-2019-9743date:2019-03-26T20:29:00.807