Vulnerabilities > Phoenixcontact

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2022-29897 Improper Input Validation vulnerability in Phoenixcontact products
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.
network
low complexity
phoenixcontact CWE-20
critical
9.0
2022-05-11 CVE-2022-29898 Improper Validation of Integrity Check Value vulnerability in Phoenixcontact products
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
network
low complexity
phoenixcontact CWE-354
critical
9.0
2022-02-02 CVE-2022-22509 Improper Privilege Management vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.
network
low complexity
phoenixcontact CWE-269
critical
9.0
2021-11-10 CVE-2021-34582 Cross-site Scripting vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.
3.5
2021-11-10 CVE-2021-34598 Memory Leak vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active
4.3
2021-11-04 CVE-2021-34597 Improper Input Validation vulnerability in Phoenixcontact PC Worx and PC Worx Express
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
6.8
2021-09-27 CVE-2021-34570 Improper Input Validation vulnerability in Phoenixcontact products
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
network
low complexity
phoenixcontact CWE-20
7.8
2021-06-25 CVE-2021-21002 Missing Release of Resource after Effective Lifetime vulnerability in Phoenixcontact products
In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.
network
low complexity
phoenixcontact CWE-772
5.0
2021-06-25 CVE-2021-21003 Improper Resource Shutdown or Release vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services.
network
low complexity
phoenixcontact CWE-404
5.0
2021-06-25 CVE-2021-21004 Cross-site Scripting vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.
4.3