Password Vulnerability in Phoenix Contact ILC PLCs
CVE-2016-8366

7.3HIGH

Key Information:

Vendor
Phoenix Contact
Status
Phoenix Contact Ilc Plcs
Vendor
CVE Published:
5 April 2018

Summary

The password macro in Phoenix Contact ILC PLCs can be configured to store and transmit sensitive data in clear text, posing a security risk. This flaw allows unauthorized users to access HMI pages without proper authentication, leading to potential manipulation or exposure of critical system controls. Safeguarding these credentials is essential to prevent unauthorized access and mitigate risks associated with cyberattacks.

Affected Version(s)

Phoenix Contact ILC PLCs All ILC 1xx PLCs

References

https://ics-cert.us-cert.gov/advisories/ICSA-313-01
x_refsource_MISC
https://www.exploit-db.com/exploits/45586/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/94163
vdb-entryx_refsource_BID

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8366 : Password Vulnerability in Phoenix Contact ILC PLCs | SecurityVulnerability.io