CVE-2018-25112

Summary

An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTILC 131vers:all/*affected
PHOENIX CONTACTILC 151vers:all/*affected
PHOENIX CONTACTILC 171vers:all/*affected
PHOENIX CONTACTILC 191 ETHvers:all/*affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References