Vulnerabilities > Phoenixcontact
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-21 | CVE-2022-31801 | Insufficient Verification of Data Authenticity vulnerability in multiple products An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | 10.0 |
| 2022-05-11 | CVE-2022-29897 | Improper Input Validation vulnerability in Phoenixcontact products On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware. | 9.0 |
| 2022-05-11 | CVE-2022-29898 | Improper Validation of Integrity Check Value vulnerability in Phoenixcontact products On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware. | 9.0 |
| 2022-02-02 | CVE-2022-22509 | Improper Privilege Management vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration. | 9.0 |
| 2021-11-10 | CVE-2021-34582 | Cross-site Scripting vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | 3.5 |
| 2021-11-10 | CVE-2021-34598 | Memory Leak vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active | 4.3 |
| 2021-11-04 | CVE-2021-34597 | Improper Input Validation vulnerability in Phoenixcontact PC Worx and PC Worx Express Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | 6.8 |
| 2021-09-27 | CVE-2021-34570 | Improper Input Validation vulnerability in Phoenixcontact products Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. | 7.8 |
| 2021-06-25 | CVE-2021-21002 | Missing Release of Resource after Effective Lifetime vulnerability in Phoenixcontact products In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service. | 5.0 |
| 2021-06-25 | CVE-2021-21003 | Improper Resource Shutdown or Release vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. | 5.0 |