Vulnerabilities > Phoenixcontact
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-12519 | Improper Privilege Management vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. | 9.8 |
| 2020-12-17 | CVE-2020-12518 | Information Exposure vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | 5.5 |
| 2020-12-17 | CVE-2020-12517 | Cross-site Scripting vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | 9.0 |
| 2020-12-02 | CVE-2020-12524 | Resource Exhaustion vulnerability in Phoenixcontact products Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | 7.5 |
| 2020-07-21 | CVE-2020-12499 | Path Traversal vulnerability in Phoenixcontact Plcnext Engineer 202031 In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | 7.3 |
| 2020-07-01 | CVE-2020-12498 | Out-of-bounds Read vulnerability in Phoenixcontact PC Worx and PC Worx Express mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. | 7.8 |
| 2020-07-01 | CVE-2020-12497 | Out-of-bounds Write vulnerability in Phoenixcontact PC Worx and PC Worx Express PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. | 7.8 |
| 2020-03-27 | CVE-2020-10940 | Improper Privilege Management vulnerability in Phoenixcontact products Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | 7.8 |
| 2020-03-27 | CVE-2020-10939 | Incorrect Default Permissions vulnerability in Phoenixcontact PC Worx SRT Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | 7.8 |
| 2020-03-12 | CVE-2020-9436 | OS Command Injection vulnerability in Phoenixcontact products PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. | 8.8 |