Vulnerabilities > Phoenixcontact

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-12523 Missing Initialization of Resource vulnerability in Phoenixcontact products
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration.
network
low complexity
phoenixcontact CWE-909
6.4
2020-12-17 CVE-2020-12521 Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack.
low complexity
phoenixcontact CWE-20
6.1
2020-12-17 CVE-2020-12519 Improper Privilege Management vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e.
network
low complexity
phoenixcontact CWE-269
critical
10.0
2020-12-17 CVE-2020-12518 Information Exposure vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
network
low complexity
phoenixcontact CWE-200
5.0
2020-12-17 CVE-2020-12517 Cross-Site Scripting vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
6.0
2020-12-02 CVE-2020-12524 Resource Exhaustion vulnerability in Phoenixcontact products
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
network
low complexity
phoenixcontact CWE-400
5.0
2020-07-21 CVE-2020-12499 Path Traversal vulnerability in Phoenixcontact Plcnext Engineer 202031
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
4.4
2020-07-01 CVE-2020-12498 Out-Of-Bounds Read vulnerability in Phoenixcontact PC Worx and PC Worx Express
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution.
6.8
2020-07-01 CVE-2020-12497 Out-Of-Bounds Write vulnerability in Phoenixcontact PC Worx and PC Worx Express
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow.
6.8
2020-03-27 CVE-2020-10940 Improper Privilege Management vulnerability in Phoenixcontact products
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
local
low complexity
phoenixcontact CWE-269
4.6