Key vulnerability information

Vulnerability ID: VDE-2018-012
Published: 2018-06-13 13:55 (CEST)
Last updated: 2025-06-04 12:01 (CEST)
Vendor: PHOENIX CONTACT GmbH & Co. KG
Affected products and versions:
CVE ID: CVE-2018-25112
Last updated: June 4, 2025, noon
Severity: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Weakness: Allocation of Resources Without Limits or Throttling (CWE-770)

Summary

An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.

Impact

The processing of the network load takes up so much CPU power that the operation of all functions of the device, including the 61131 program, will slow down. This may affect the automation task. Once the network load is removed the ILC will return to normal state.

Solution

Customers using Phoenix Contact ILC 1x1 are recommended to operate the devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf

Reported by

This vulnerability was reported by Matthias Niedermair (Hochschule Augsburg), Jan-Ole Matchow (Freie Universität Berlin) and Florian Fischer (Hochschule Augsburg).
https://www.usenix.org/system/files/conference/woot18/woot18-paper-niedermair.pdf