Vulnerabilities (CVE)

Filtered by vendor Phoenixcontact
Total 100 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16994 1 Phoenixcontact 6 Axl F Bk Eth, Axl F Bk Eth Firmware, Axl F Bk Eth Xc and 3 more 2023-12-10 7.8 HIGH 7.5 HIGH
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.
CVE-2020-8768 1 Phoenixcontact 4 Ilc 2050 Bi, Ilc 2050 Bi-l, Ilc 2050 Bi-l Firmware and 1 more 2023-12-10 7.5 HIGH 9.4 CRITICAL
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.
CVE-2019-16675 1 Phoenixcontact 3 Config+, Pc Worx, Pc Worx Express 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.
CVE-2019-10998 1 Phoenixcontact 4 Axc F 2152, Axc F 2152 Firmware, Axc F 2152 Starterkit and 1 more 2023-12-10 4.6 MEDIUM 6.8 MEDIUM
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.
CVE-2018-13994 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
CVE-2019-12870 1 Phoenixcontact 1 Automationworx Software Suite 2023-12-10 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVE-2019-10953 5 Abb, Phoenixcontact, Schneider-electric and 2 more 20 Pm554-tp-eth, Pm554-tp-eth Firmware, Ilc 151 Eth and 17 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
CVE-2018-13992 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
CVE-2018-13993 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
CVE-2019-12869 1 Phoenixcontact 1 Automationworx Software Suite 2023-12-10 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVE-2018-13990 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
CVE-2019-12871 1 Phoenixcontact 1 Automationworx Software Suite 2023-12-10 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVE-2019-9743 1 Phoenixcontact 4 Rad-80211-xd, Rad-80211-xd/hp-bus, Rad-80211-xd/hp-bus Firmware and 1 more 2023-12-10 9.0 HIGH 8.8 HIGH
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
CVE-2019-10997 1 Phoenixcontact 4 Axc F 2152, Axc F 2152 Firmware, Axc F 2152 Starterkit and 1 more 2023-12-10 7.1 HIGH 5.9 MEDIUM
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.
CVE-2019-9744 1 Phoenixcontact 8 Fl Nat Smcs 8tx, Fl Nat Smcs 8tx Firmware, Fl Nat Smn 8tx and 5 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
CVE-2018-13991 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
CVE-2018-10730 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 9.0 HIGH 9.1 CRITICAL
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
CVE-2018-5441 1 Phoenixcontact 46 Mguard Centerport, Mguard Centerport Firmware, Mguard Core Tx Vpn and 43 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
CVE-2018-10731 1 Phoenixcontact 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more 2023-12-10 9.3 HIGH 9.0 CRITICAL
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
CVE-2016-8366 1 Phoenixcontact 2 Ilc Plcs, Ilc Plcs Firmware 2023-12-10 5.0 MEDIUM 7.3 HIGH
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.