Vulnerabilities > Phoenixcontact

DATE CVE VULNERABILITY TITLE RISK
2020-12-02 CVE-2020-12524 Resource Exhaustion vulnerability in Phoenixcontact products
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
network
low complexity
phoenixcontact CWE-400
5.0
2020-07-21 CVE-2020-12499 Path Traversal vulnerability in Phoenixcontact Plcnext Engineer 202031
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
4.4
2020-07-01 CVE-2020-12498 Out-of-bounds Read vulnerability in Phoenixcontact PC Worx and PC Worx Express
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution.
6.8
2020-07-01 CVE-2020-12497 Out-of-bounds Write vulnerability in Phoenixcontact PC Worx and PC Worx Express
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow.
local
low complexity
phoenixcontact CWE-787
7.8
2020-03-27 CVE-2020-10940 Improper Privilege Management vulnerability in Phoenixcontact products
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
local
low complexity
phoenixcontact CWE-269
4.6
2020-03-27 CVE-2020-10939 Improper Privilege Management vulnerability in Phoenixcontact PC Worx SRT
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
local
low complexity
phoenixcontact CWE-269
4.6
2020-03-12 CVE-2020-9436 OS Command Injection vulnerability in Phoenixcontact products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
network
low complexity
phoenixcontact CWE-78
critical
9.0
2020-03-12 CVE-2020-9435 Use of Hard-coded Credentials vulnerability in Phoenixcontact products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device.
network
low complexity
phoenixcontact CWE-798
5.0
2020-02-18 CVE-2018-16994 Unspecified vulnerability in Phoenixcontact products
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact).
network
low complexity
phoenixcontact
7.8
2020-02-18 CVE-2019-18352 Unspecified vulnerability in Phoenixcontact products
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security.
4.3