Unauthenticated Access Vulnerability in Phoenix Contact ILC PLCs
CVE-2016-8380

7.3HIGH

Key Information:

Vendor
Phoenix Contact
Status
Phoenix Contact Ilc Plcs
Vendor
CVE Published:
5 April 2018

Summary

The web server in Phoenix Contact ILC PLCs is prone to vulnerabilities that allow unauthorized reading and writing of PLC variables. This lack of authentication can expose critical industrial control system data, potentially leading to unauthorized manipulation or disruption of operations. It is crucial for users of affected ILC PLC models to implement robust security practices, including changing default configurations and applying necessary updates.

Affected Version(s)

Phoenix Contact ILC PLCs All ILC 1xx PLCs

References

https://ics-cert.us-cert.gov/advisories/ICSA-313-01
x_refsource_MISC
https://www.exploit-db.com/exploits/45590/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/94163
vdb-entryx_refsource_BID

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8380 : Unauthenticated Access Vulnerability in Phoenix Contact ILC PLCs | SecurityVulnerability.io