CVE-2019-9201
CRITICAL
Phoenix Contact ILC/AXC Firmware - Unauthenticated Info Disclosure & Directory Traversal via Port 1962
Title source: llm
Description
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
References (2)
Core References
Exploit x_refsource_misc
https://medium.com/%40SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561
Third Party Advisory x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2019-015/
Scores
CVSS v3
9.8
EPSS
0.0308
EPSS Percentile
86.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (8)
phoenixcontact/axc_1050_firmware
phoenixcontact/ilc_131_eth\/xc_firmware
phoenixcontact/ilc_131_eth_firmware
phoenixcontact/ilc_151_eth\/xc_firmware
phoenixcontact/ilc_151_eth_firmware
phoenixcontact/ilc_171_eth_2tx_firmware
phoenixcontact/ilc_191_eth_2tx_firmware
phoenixcontact/ilc_191_me\/an_firmware
Published
Feb 26, 2019
Tracked Since
Feb 18, 2026