{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2018-25112", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-06-04T08:00:35.844Z", "datePublished": "2025-06-04T09:37:34.736Z", "dateUpdated": "2025-06-04T13:16:07.981Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ILC 131", "vendor": "PHOENIX CONTACT", "versions": [{"status": "affected", "version": "vers:all/*"}]}, {"defaultStatus": "unaffected", "product": "ILC 151", "vendor": "PHOENIX CONTACT", "versions": [{"status": "affected", "version": "vers:all/*"}]}, {"defaultStatus": "unaffected", "product": "ILC 171", "vendor": "PHOENIX CONTACT", "versions": [{"status": "affected", "version": "vers:all/*"}]}, {"defaultStatus": "unaffected", "product": "ILC 191 ETH", "vendor": "PHOENIX CONTACT", "versions": [{"status": "affected", "version": "vers:all/*"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Matthias Niedermaier (Hochschule Augsburg)"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Jan-Ole Malchow (Freie Universita\u0308t Berlin)"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Florian Fischer (Hochschule Augsburg)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device."}], "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-06-04T09:37:34.736Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://certvde.com/en/advisories/VDE-2018-012/"}], "source": {"advisory": "VDE-2018-012", "discovery": "EXTERNAL"}, "title": "PHOENIX CONTACT: ILC 1x1 ETH Denial of Service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-04T13:15:35.632513Z", "id": "CVE-2018-25112", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T13:16:07.981Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-04T13:15:35.632513Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T13:16:02.458Z"}}], "cna": {"title": "PHOENIX CONTACT: ILC 1x1 ETH Denial of Service", "source": {"advisory": "VDE-2018-012", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Matthias Niedermaier (Hochschule Augsburg)"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Jan-Ole Malchow (Freie Universita\u0308t Berlin)"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Florian Fischer (Hochschule Augsburg)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHOENIX CONTACT", "product": "ILC 131", "versions": [{"status": "affected", "version": "vers:all/*"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "ILC 151", "versions": [{"status": "affected", "version": "vers:all/*"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "ILC 171", "versions": [{"status": "affected", "version": "vers:all/*"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "ILC 191 ETH", "versions": [{"status": "affected", "version": "vers:all/*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2018-012/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-06-04T09:37:34.736Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25112", "state": "PUBLISHED", "dateUpdated": "2025-06-04T13:16:07.981Z", "dateReserved": "2025-06-04T08:00:35.844Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-06-04T09:37:34.736Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device."}, {"lang": "es", "value": "Un atacante remoto no autenticado podr\u00eda consumir recursos descontroladamente en el programa IEC 61131 de los productos afectados, generando grandes cantidades de tr\u00e1fico de red que el ILC debe gestionar. Esto provoca una denegaci\u00f3n de servicio del dispositivo."}], "id": "CVE-2018-25112", "lastModified": "2025-06-04T14:54:33.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2025-06-04T10:15:20.380", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/en/advisories/VDE-2018-012/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}