
ID

VDE-2022-046

Published

2022-10-11 08:00 (CEST)

Last update

2022-11-24 08:51 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.  Product Name     Affected Version(s)
1151412      AXC F 1152       < 2022.0.8 LTS
2404267      AXC F 2152       < 2022.0.8 LTS
1069208      AXC F 3152       < 2022.0.8 LTS
1246285      BPC 9102S        < 2022.0.8 LTS
1264327      ENERGY AXC PU    < V04.14.00.00
1185416      EPC 1502         < 2022.0.7 LTS
1185423      EPC 1522         < 2022.0.7 LTS
1051328      RFC 4072S        < 2022.0.8 LTS
1110435      SMARTRTU AXC SG  < V01.09.00.00

Summary

UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022)

Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements.

PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.

Vulnerabilities



Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Business Logic Errors (CWE-840)
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Last Update
Oct. 10, 2022, 10:49 a.m.
Weakness
Authentication Bypass by Primary Weakness (CWE-305)
Summary

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Last Update
March 7, 2022, 11:40 a.m.
Weakness
Improper Encoding or Escaping of Output (CWE-116)
Summary

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Last Update
March 7, 2022, 11:41 a.m.
Weakness
Exposure of Resource to Wrong Sphere (CWE-668)
Summary

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Last Update
Nov. 17, 2022, 11:18 a.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 10:48 a.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Use of Out-of-range Pointer Offset (CWE-823)
Summary
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Last Update
Oct. 10, 2022, 4:33 p.m.
Weakness
Use of Incorrectly-Resolved Name or Reference (CWE-706)
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
Last Update
Oct. 10, 2022, 4:30 p.m.
Weakness
Improper Authentication (CWE-287)
Summary
An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Last Update
Oct. 10, 2022, 10:52 a.m.
Weakness
Buffer Over-read (CWE-126)
Summary

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.

Last Update
Oct. 10, 2022, 10:52 a.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 10:53 a.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Last Update
Oct. 10, 2022, 10:53 a.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Last Update
Oct. 10, 2022, 10:54 a.m.
Weakness
Use After Free (CWE-416)
Summary

Use After Free in GitHub repository vim/vim prior to 8.2.

Last Update
Oct. 10, 2022, 10:54 a.m.
Weakness
Buffer Over-read (CWE-126)
Summary

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Last Update
Nov. 17, 2022, 11:18 a.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
Last Update
Oct. 10, 2022, 10:50 a.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.

Last Update
Oct. 10, 2022, 10:50 a.m.
Weakness
Use After Free (CWE-416)
Summary

Use After Free in GitHub repository vim/vim prior to 8.2.4979.

Last Update
Oct. 10, 2022, 10:51 a.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.

Last Update
Oct. 10, 2022, 10:51 a.m.
Weakness
Use After Free (CWE-416)
Summary

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.

Last Update
Oct. 10, 2022, 10:51 a.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.

Last Update
Oct. 10, 2022, 10:51 a.m.
Weakness
Buffer Over-read (CWE-126)
Summary

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.

Last Update
Oct. 10, 2022, 10:52 a.m.
Weakness
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Summary

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Use of Out-of-range Pointer Offset (CWE-823)
Summary
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
vim is vulnerable to Heap-based Buffer Overflow
Last Update
Nov. 17, 2022, 11:18 a.m.
Weakness
Buffer Over-read (CWE-126)
Summary
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Buffer Over-read (CWE-126)
Summary
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 10:49 a.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Last Update
Oct. 10, 2022, 10:48 a.m.
Weakness
Use After Free (CWE-416)
Summary

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Last Update
Aug. 12, 2022, 10:52 a.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary

OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.

Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Last Update
Oct. 10, 2022, 4:33 p.m.
Weakness
Business Logic Errors (CWE-840)
Summary
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Last Update
Feb. 25, 2022, 8:20 a.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Last Update
Oct. 10, 2022, 10:54 a.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Last Update
Aug. 12, 2022, 10:52 a.m.
Weakness
Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)
Summary

An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows remote attackers to cause the application to hang via a crafted message.

Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Improper Handling of URL Encoding (Hex Encoding) (CWE-177)
Summary
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
Last Update
Oct. 10, 2022, 10:52 a.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

Last Update
April 11, 2022, 9:50 a.m.
Weakness
Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)
Summary

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.

Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
vim is vulnerable to Use After Free
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
vim is vulnerable to Out-of-bounds Read
Last Update
Oct. 10, 2022, 10:48 a.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Last Update
Feb. 25, 2022, 8:19 a.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Last Update
Nov. 17, 2022, 1:09 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Insufficiently Protected Credentials (CWE-522)
Summary
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Allocation of Resources Without Limits or Throttling (CWE-770)
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Business Logic Errors (CWE-840)
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Last Update
Oct. 10, 2022, 4:33 p.m.
Weakness
Insufficiently Protected Credentials (CWE-522)
Summary
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
Last Update
Oct. 10, 2022, 4:35 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
Last Update
Oct. 10, 2022, 10:53 a.m.
Weakness
Uncontrolled Recursion (CWE-674)
Summary

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.

Last Update
Oct. 10, 2022, 10:53 a.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

Last Update
Oct. 10, 2022, 10:49 a.m.
Weakness
Use of Out-of-range Pointer Offset (CWE-823)
Summary

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

Last Update
Oct. 10, 2022, 4:33 p.m.
Weakness
Insertion of Sensitive Information Into Sent Data (CWE-201)
Summary
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without Public Suffix List (https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Missing Cryptographic Step (CWE-325)
Summary
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around - by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL.
Last Update
Oct. 10, 2022, 4:34 p.m.
Weakness
Allocation of Resources Without Limits or Throttling (CWE-770)
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

Impact

Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.

Solution

Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection

Remediation

Update to the latest LTS Firmware Release.
Update to the latest LTS PLCnext Engineer Release.
Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.

Reported by

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.