CVE-2018-25112
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PHOENIX CONTACT | ILC 131 | vers:all/* | affected |
| PHOENIX CONTACT | ILC 151 | vers:all/* | affected |
| PHOENIX CONTACT | ILC 171 | vers:all/* | affected |
| PHOENIX CONTACT | ILC 191 ETH | vers:all/* | affected |
Weaknesses
- CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.