Filtered by vendor Phoenixcontact
Subscribe
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3569 | 1 Phoenixcontact | 14 Cloud Client 1101t-tx, Cloud Client 1101t-tx Firmware, Tc Cloud Client 1002-4g and 11 more | 2023-12-10 | N/A | 4.9 MEDIUM |
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. | |||||
CVE-2023-37857 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-12-10 | N/A | 7.2 HIGH |
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device. | |||||
CVE-2023-3573 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-12-10 | N/A | 8.8 HIGH |
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. | |||||
CVE-2023-3572 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-12-10 | N/A | 10.0 CRITICAL |
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. | |||||
CVE-2023-2673 | 1 Phoenixcontact | 52 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 4102 Pci and 49 more | 2023-12-10 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. | |||||
CVE-2023-1109 | 1 Phoenixcontact | 7 Energy Axc Pu, Infobox, Infobox Firmware and 4 more | 2023-12-10 | N/A | 8.8 HIGH |
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. | |||||
CVE-2021-34579 | 1 Phoenixcontact | 1 Fl Mguard Dm | 2023-12-10 | N/A | 7.5 HIGH |
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. | |||||
CVE-2022-3461 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2023-12-10 | N/A | 7.8 HIGH |
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | |||||
CVE-2022-3737 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2023-12-10 | N/A | 7.8 HIGH |
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | |||||
CVE-2022-3480 | 1 Phoenixcontact | 62 Fl Mguard Centerport, Fl Mguard Centerport Firmware, Fl Mguard Centerport Vpn-1000 and 59 more | 2023-12-10 | N/A | 7.5 HIGH |
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue. | |||||
CVE-2022-29897 | 1 Phoenixcontact | 6 Rad-ism-900-en-bd, Rad-ism-900-en-bd-bus, Rad-ism-900-en-bd-bus Firmware and 3 more | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware. | |||||
CVE-2022-31801 | 2 Phoenixcontact, Phoenixcontact-software | 3 Multiprog, Proconos, Proconos Eclr | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | |||||
CVE-2022-31800 | 1 Phoenixcontact | 34 Axc 1050, Axc 1050 Firmware, Axc 1050 Xc and 31 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | |||||
CVE-2022-29898 | 1 Phoenixcontact | 6 Rad-ism-900-en-bd, Rad-ism-900-en-bd-bus, Rad-ism-900-en-bd-bus Firmware and 3 more | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware. | |||||
CVE-2021-34597 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | |||||
CVE-2021-34582 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | |||||
CVE-2021-34570 | 1 Phoenixcontact | 12 Axc F 1152, Axc F 1152 Firmware, Axc F 2152 and 9 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. | |||||
CVE-2021-34598 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active | |||||
CVE-2022-22509 | 1 Phoenixcontact | 130 Fl Switch 2005, Fl Switch 2005 Firmware, Fl Switch 2008 and 127 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration. | |||||
CVE-2021-21004 | 1 Phoenixcontact | 30 Fl Nat Smn 8tx, Fl Nat Smn 8tx-m, Fl Nat Smn 8tx-m Firmware and 27 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. |