{ "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { "cveId": "CVE-2018-25112", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-06-04T08:00:35.844Z", "datePublished": "2025-06-04T09:37:34.736Z", "dateUpdated": "2025-06-04T13:16:07.981Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ILC 131", "vendor": "PHOENIX CONTACT", "versions": [ { "status": "affected", "version": "vers:all/*" } ] }, { "defaultStatus": "unaffected", "product": "ILC 151", "vendor": "PHOENIX CONTACT", "versions": [ { "status": "affected", "version": "vers:all/*" } ] }, { "defaultStatus": "unaffected", "product": "ILC 171", "vendor": "PHOENIX CONTACT", "versions": [ { "status": "affected", "version": "vers:all/*" } ] }, { "defaultStatus": "unaffected", "product": "ILC 191 ETH", "vendor": "PHOENIX CONTACT", "versions": [ { "status": "affected", "version": "vers:all/*" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Matthias Niedermaier (Hochschule Augsburg)" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Jan-Ole Malchow (Freie Universität Berlin)" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Florian Fischer (Hochschule Augsburg)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device." } ], "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-06-04T09:37:34.736Z" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://certvde.com/en/advisories/VDE-2018-012/" } ], "source": { "advisory": "VDE-2018-012", "discovery": "EXTERNAL" }, "title": "PHOENIX CONTACT: ILC 1x1 ETH Denial of Service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-06-04T13:15:35.632513Z", "id": "CVE-2018-25112", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T13:16:07.981Z" } } ] } }