{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1109", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-03-01T05:58:56.947Z", "datePublished": "2023-04-17T07:32:24.262Z", "dateUpdated": "2025-02-05T21:19:53.289Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ENERGY AXC PU (1264327)", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "V04.15.00.00", "status": "affected", "version": "V01.00.00.00", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SMARTRTU AXC SG (1110435)", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "V01.08.00.02", "status": "affected", "version": "V01.00.00.00", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SMARTRTU AXC IG (1264328)", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "V01.02.00.01", "status": "affected", "version": "V01.00.00.00", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Infobox (1169323 )", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "V02.02.00.00", "status": "affected", "version": "V01.00.00.00", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH"}], "datePublic": "2023-04-11T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."}], "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-04-17T07:32:24.262Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-003/"}], "source": {"advisory": "VDE-2023-003", "defect": ["CERT@VDE#64407"], "discovery": "EXTERNAL"}, "title": "PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.389Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-003/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T21:19:48.861651Z", "id": "CVE-2023-1109", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T21:19:53.289Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.389Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-05T21:19:48.861651Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T21:16:40.297Z"}}], "cna": {"title": "PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service", "source": {"defect": ["CERT@VDE#64407"], "advisory": "VDE-2023-003", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Laokoon SecurITy GmbH on behalf of E.ON Digital Technology GmbH"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHOENIX CONTACT", "product": "ENERGY AXC PU (1264327)", "versions": [{"status": "affected", "version": "V01.00.00.00", "versionType": "custom", "lessThanOrEqual": "V04.15.00.00"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "SMARTRTU AXC SG (1110435)", "versions": [{"status": "affected", "version": "V01.00.00.00", "versionType": "custom", "lessThanOrEqual": "V01.08.00.02"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "SMARTRTU AXC IG (1264328)", "versions": [{"status": "affected", "version": "V01.00.00.00", "versionType": "custom", "lessThanOrEqual": "V01.02.00.01"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "Infobox (1169323 )", "versions": [{"status": "affected", "version": "V01.00.00.00", "versionType": "custom", "lessThanOrEqual": "V02.02.00.00"}], "defaultStatus": "affected"}], "datePublic": "2023-04-11T08:00:00.000Z", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-003/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.", "supportingMedia": [{"type": "text/html", "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-04-17T07:32:24.262Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1109", "state": "PUBLISHED", "dateUpdated": "2025-02-05T21:19:53.289Z", "dateReserved": "2023-03-01T05:58:56.947Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-04-17T07:32:24.262Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:energy_axc_pu:*:*:*:*:*:*:*:*", "matchCriteriaId": "667B7404-4720-41E5-B815-9EB2376566D1", "versionEndIncluding": "04.15.00.00", "versionStartIncluding": "01.00.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:infobox_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA39C5A-B6BF-49D9-AAEC-FB38478BAB9B", "versionEndIncluding": "02.02.00.00", "versionStartIncluding": "01.00.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:infobox:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FA377FD-320C-4479-A34F-297ADF792DC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:smartrtu_axc_sg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7191A320-C13F-45C2-8CC1-1EDF5998DCAD", "versionEndIncluding": "01.08.00.02", "versionStartIncluding": "01.00.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:smartrtu_axc_sg:-:*:*:*:*:*:*:*", "matchCriteriaId": "195DA1AA-4D07-4BBC-BA68-88399717FDEB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:smartrtu_axc_ig_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37C85EE7-1CBB-4F62-9259-F9272F05155D", "versionEndIncluding": "01.02.00.01", "versionStartIncluding": "01.00.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:smartrtu_axc_ig:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1CAFD12-9630-4FB5-B802-19189B8E43C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service."}], "id": "CVE-2023-1109", "lastModified": "2024-11-21T07:38:28.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2023-04-17T08:15:07.627", "references": [{"source": "info@cert.vde.com", "tags": ["Not Applicable"], "url": "https://cert.vde.com/en/advisories/VDE-2023-003/"}, {"source": "nvd@nist.gov", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-w923-8w64-f5gh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://cert.vde.com/en/advisories/VDE-2023-003/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}