Vulnerabilities > Phoenixcontact

DATE CVE VULNERABILITY TITLE RISK
2021-06-25 CVE-2021-21002 Missing Release of Resource After Effective Lifetime vulnerability in Phoenixcontact products
In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.
network
low complexity
phoenixcontact CWE-772
5.0
2021-06-25 CVE-2021-21003 Improper Resource Shutdown OR Release vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services.
network
low complexity
phoenixcontact CWE-404
5.0
2021-06-25 CVE-2021-21004 Cross-Site Scripting vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.
4.3
2021-06-25 CVE-2021-21005 Race Condition vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash.
network
low complexity
phoenixcontact CWE-362
7.8
2021-06-25 CVE-2021-33540 USE of Hard-Coded Credentials vulnerability in Phoenixcontact products
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
network
low complexity
phoenixcontact CWE-798
7.5
2021-06-25 CVE-2021-33541 Allocation of Resources Without Limits OR Throttling vulnerability in Phoenixcontact Ilc1X0 Firmware and Ilc1X1 Firmware
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability.
network
low complexity
phoenixcontact CWE-770
7.8
2021-06-25 CVE-2021-33542 Access of Uninitialized Pointer vulnerability in Phoenixcontact Config+ and PC Worx
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability.
network
high complexity
phoenixcontact CWE-824
5.1
2020-12-17 CVE-2020-12523 Missing Initialization of Resource vulnerability in Phoenixcontact products
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration.
network
low complexity
phoenixcontact CWE-909
6.4
2020-12-17 CVE-2020-12521 Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack.
low complexity
phoenixcontact CWE-20
6.1
2020-12-17 CVE-2020-12519 Improper Privilege Management vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e.
network
low complexity
phoenixcontact CWE-269
critical
10.0