Vulnerabilities > Phoenixcontact
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-3461 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Phoenixcontact Automationworx Software Suite 1.89 In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. | 7.8 |
| 2022-11-15 | CVE-2022-3480 | Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. | 7.5 |
| 2022-11-15 | CVE-2022-3737 | Out-of-bounds Read vulnerability in Phoenixcontact Automationworx Software Suite 1.89 In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. | 7.8 |
| 2022-11-09 | CVE-2021-34579 | Unspecified vulnerability in Phoenixcontact FL Mguard DM 1.12.0/1.13.0 In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). | 7.5 |
| 2022-06-21 | CVE-2022-31800 | Insufficient Verification of Data Authenticity vulnerability in Phoenixcontact products An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | 10.0 |
| 2022-06-21 | CVE-2022-31801 | Insufficient Verification of Data Authenticity vulnerability in multiple products An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | 10.0 |
| 2022-05-11 | CVE-2022-29897 | Improper Input Validation vulnerability in Phoenixcontact products On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware. | 9.0 |
| 2022-05-11 | CVE-2022-29898 | Improper Validation of Integrity Check Value vulnerability in Phoenixcontact products On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware. | 9.0 |
| 2022-02-02 | CVE-2022-22509 | Improper Privilege Management vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration. | 9.0 |
| 2021-11-10 | CVE-2021-34582 | Cross-site Scripting vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | 3.5 |