Vulnerabilities > Phoenixcontact
|2021-09-27||CVE-2021-34570|| Improper Input Validation vulnerability in Phoenixcontact products |
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests.
| 7.8 |
|2021-06-25||CVE-2021-21002|| Missing Release of Resource after Effective Lifetime vulnerability in Phoenixcontact products |
In Phoenix Contact FL COMSERVER UNI in versions < 2.40, an invalid Modbus exception response can lead to a temporary denial of service.
| 5.0 |
|2021-06-25||CVE-2021-21003|| Improper Resource Shutdown or Release vulnerability in Phoenixcontact products |
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, fragmented TCP packets may cause a denial of service of the Web, SNMP and ICMP Echo services.
| 5.0 |
|2021-06-25||CVE-2021-21004|| Cross-site Scripting vulnerability in Phoenixcontact products |
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, an attacker may insert malicious code via LLDP frames into the web-based management, which could then be executed by the client.
| 4.3 |
|2021-06-25||CVE-2021-21005|| Race Condition vulnerability in Phoenixcontact products |
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, if an attacker sends a hand-crafted TCP packet with the Urgent flag set and the Urgent Pointer set to 0, the network stack will crash.
| 7.8 |
|2021-06-25||CVE-2021-33540|| Use of Hard-coded Credentials vulnerability in Phoenixcontact products |
In certain devices of the Phoenix Contact AXL F BK and IL BK product families, an undocumented, password-protected FTP access to the root directory exists.
| 7.5 |
|2021-06-25||CVE-2021-33541|| Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact Ilc1X0 Firmware and Ilc1X1 Firmware |
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability.
| 7.8 |
|2021-06-25||CVE-2021-33542|| Access of Uninitialized Pointer vulnerability in Phoenixcontact Config+ and PC Worx |
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability.
| 5.1 |
|2020-12-17||CVE-2020-12523|| Missing Initialization of Resource vulnerability in Phoenixcontact products |
On Phoenix Contact mGuard devices in versions before 8.8.3, LAN ports become functional after reboot even if they are disabled in the device configuration.
| 6.4 |
|2020-12-17||CVE-2020-12521|| Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware |
On Phoenix Contact PLCnext Control devices in versions before 2021.0 LTS, a specially crafted LLDP packet may lead to a high system load in the PROFINET stack.
| 6.1 |