Vulnerabilities > Phoenixcontact

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-37858 Unspecified vulnerability in Phoenixcontact products
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing them to decrypt an encrypted web application login password.
network
low complexity
phoenixcontact
4.9
2023-08-09 CVE-2023-37859 Unspecified vulnerability in Phoenixcontact products
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, the SNMP daemon runs with root privileges, allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.
network
low complexity
phoenixcontact
7.2
2022-11-09 CVE-2021-34579 Unspecified vulnerability in Phoenixcontact FL Mguard DM 1.12.0/1.13.0
In Phoenix Contact FL MGUARD DM versions 1.12.0 and 1.13.0, access to the Apache web server installed as part of FL MGUARD DM on Microsoft Windows does not require login credentials, even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”).
network
low complexity
phoenixcontact
7.5
2022-02-02 CVE-2022-22509 Improper Privilege Management vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00, an incorrect privilege assignment allows a low-privileged user to enable full access to the device configuration.
network
low complexity
phoenixcontact CWE-269
8.8
2021-11-10 CVE-2021-34582 Unspecified vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware
In Phoenix Contact FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1 and 1.5.0, a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.
network
low complexity
phoenixcontact
4.8
2021-09-27 CVE-2021-34570 Unspecified vulnerability in Phoenixcontact products
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests.
network
low complexity
phoenixcontact
7.5
2021-06-25 CVE-2021-21002 Unspecified vulnerability in Phoenixcontact products
In Phoenix Contact FL COMSERVER UNI in versions < 2.40, an invalid Modbus exception response can lead to a temporary denial of service.
network
low complexity
phoenixcontact
7.5
2021-06-25 CVE-2021-21003 Unspecified vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, fragmented TCP packets may cause a denial of service of web, SNMP and ICMP echo services.
network
low complexity
phoenixcontact
5.3
2021-06-25 CVE-2021-21004 Cross-site Scripting vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, an attacker may insert malicious code via LLDP frames into the web-based management, which could then be executed by the client.
network
low complexity
phoenixcontact CWE-79
6.1
2021-06-25 CVE-2021-21005 Unspecified vulnerability in Phoenixcontact products
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, if an attacker sends a hand-crafted TCP packet with the urgent flag set and the urgent pointer set to 0, the network stack will crash.
network
low complexity
phoenixcontact
7.5