CVE-2022-31800

Summary

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTILC 1x0All Versionsaffected
PHOENIX CONTACTILC 1x1All Versionsaffected
PHOENIX CONTACTILC 1x1 GSM/GPRSAll Versionsaffected
PHOENIX CONTACTILC 3xxAll Versionsaffected
PHOENIX CONTACTAXC 1050All Versionsaffected
PHOENIX CONTACTAXC 1050 XCAll Versionsaffected
PHOENIX CONTACTAXC 3050All Versionsaffected
PHOENIX CONTACTRFC 480S PN 4TXAll Versionsaffected
PHOENIX CONTACTRFC 470 PN 3TXAll Versionsaffected
PHOENIX CONTACTRFC 470S PN 3TXAll Versionsaffected
PHOENIX CONTACTRFC 460R PN 3TXAll Versionsaffected
PHOENIX CONTACTRFC 460R PN 3TX-SAll Versionsaffected
PHOENIX CONTACTRFC 430 ETH-IBAll Versionsaffected
PHOENIX CONTACTRFC 450 ETH-IBAll Versionsaffected
PHOENIX CONTACTPC WORX SRTAll Versionsaffected
PHOENIX CONTACTPC WORX RT BASICAll Versionsaffected
PHOENIX CONTACTFC 350 PCI ETHAll Versionsaffected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References