CVE-2022-31800 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERTVDE	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
phoenixcontact	axc_1050_firmware	*
phoenixcontact	axc_1050_xc_firmware	*
phoenixcontact	axc_3050_firmware	*
phoenixcontact	fc_350_pci_eth_firmware	*
phoenixcontact	ilc1x0_firmware	*
phoenixcontact	ilc1x1_firmware	*
phoenixcontact	ilc_1x1_gsm\/gprs_firmware	*
phoenixcontact	ilc_3xx_firmware	*
phoenixcontact	pc_worx_rt_basic_firmware	*
phoenixcontact	pc_worx_srt_firmware	*
phoenixcontact	rfc_430_eth-ib_firmware	*
phoenixcontact	rfc_450_eth-ib_firmware	*
phoenixcontact	rfc_460r_pn_3tx_firmware	*
phoenixcontact	rfc_460r_pn_3tx-s_firmware	*
phoenixcontact	rfc_470_pn_3tx_firmware	*
phoenixcontact	rfc_470s_pn_3tx_firmware	*
phoenixcontact	rfc_480s_pn_4tx_firmware	*

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

https://cert.vde.com/en/advisories/VDE-2022-025/

https://cert.vde.com/en/advisories/VDE-2022-025/