CVE-2023-1109
PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Phoenix Contact's ENERGY AXC PU Web service, an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
*Credits:
Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-01 CVE Reserved
- 2023-04-17 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-126: Path Traversal
References (2)
URL | Tag | Source
---|---|---
https://cert.vde.com/en/advisories/VDE-2023-003 | Not Applicable | -
https://github.com/advisories/GHSA-w923-8w64-f5gh | Third Party Advisory | -
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | in (product) | Status
---|---|---|---|---|---|---
Phoenixcontact | Infobox Firmware | >= 01.00.00.00 <= 02.02.00.00 | - | Affected | Infobox | Safe
Phoenixcontact | Smartrtu Axc Sg Firmware | >= 01.00.00.00 <= 01.08.00.02 | - | Affected | Smartrtu Axc Sg | Safe
Phoenixcontact | Smartrtu Axc Ig Firmware | >= 01.00.00.00 <= 01.02.00.01 | - | Affected | Smartrtu Axc Ig | Safe
Phoenixcontact | Energy Axc Pu | >= 01.00.00.00 <= 04.15.00.00 | - | Affected | - | -