CVE-2019-9201
Summary
| CVE | CVE-2019-9201 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-26 23:29:00 UTC |
| Updated | 2026-06-02 21:16:23 UTC |
| Description | Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.015450000 probability, percentile 0.817110000 (date 2026-06-02)
Problem Types: CWE-306 | n/a | CWE-306 Missing Authentication for Critical Function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | [email protected] | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 9 | | AV:N/AC:L/Au:N/C:P/I:P/A:C |
CVSS v3.1 Breakdown
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality: Partial
- Integrity: Partial
- Availability: Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Phoenixcontact | Axc 1050 | - | All | All | All |
| Operating System | Phoenixcontact | Axc 1050 Firmware | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 131 Eth | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 131 Eth/xc | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 131 Eth/xc Firmware | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 131 Eth Firmware | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 151 Eth | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 151 Eth/xc | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 151 Eth/xc Firmware | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 151 Eth Firmware | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 171 Eth 2tx | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 171 Eth 2tx Firmware | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 191 Eth 2tx | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 191 Eth 2tx Firmware | - | All | All | All |
| Hardware | Phoenixcontact | Ilc 191 Me/an | - | All | All | All |
| Operating System | Phoenixcontact | Ilc 191 Me/an Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2019-015 \| CERT@VDE | af854a3a-2127-422b-91ae-364da2661108 | cert.vde.com | Third Party Advisory |
| Insecure permissions in ILC and AXC controllers leaves over 1,200 ICS devices vulnerable to attacks over the internet | af854a3a-2127-422b-91ae-364da2661108 | medium.com | Exploit |
| Insecure permissions in ILC and AXC controllers leaves over 1,200 ICS devices vulnerable to attacks over the internet | MITRE | medium.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591322 Phoenix Contact Classic Line industrial controllers Remote configuration using unauthenticated communication protocols Vulnerability (VDE-2019-015)