CVE-2020-8768

CRITICAL

Phoenixcontact Ilc 2050 BI Firmware < 1.2.3 - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://cert.vde.com/de-de/advisories/vde-2020-001
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-063-02

Scores

CVSS v3 9.4
EPSS 0.0061
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Details

CWE
CWE-732
Status published
Products (2)
phoenixcontact/ilc_2050_bi-l_firmware < 1.2.3
phoenixcontact/ilc_2050_bi_firmware < 1.2.3
Published Feb 17, 2020
Tracked Since Feb 18, 2026