Vulnerabilities > Phoenixcontact
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-08 | CVE-2023-3571 | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device. | 8.8 |
2023-08-08 | CVE-2023-3572 | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. | 10.0 |
2023-08-08 | CVE-2023-3573 | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. | 8.8 |
2023-06-13 | CVE-2023-2673 | Improper Input Validation vulnerability in Phoenixcontact products Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. | 5.3 |
2023-04-17 | CVE-2023-1109 | Unspecified vulnerability in Phoenixcontact products In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. | 8.8 |
2022-11-15 | CVE-2022-3461 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Phoenixcontact Automationworx Software Suite 1.89 In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. | 7.8 |
2022-11-15 | CVE-2022-3480 | Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. | 7.5 |
2022-11-15 | CVE-2022-3737 | Out-of-bounds Read vulnerability in Phoenixcontact Automationworx Software Suite 1.89 In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. | 7.8 |
2022-11-09 | CVE-2021-34579 | Unspecified vulnerability in Phoenixcontact FL Mguard DM 1.12.0/1.13.0 In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). | 7.5 |
2022-06-21 | CVE-2022-31800 | Insufficient Verification of Data Authenticity vulnerability in Phoenixcontact products An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | 10.0 |