Vulnerabilities > Phoenixcontact
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-10953 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. | 7.5 |
| 2019-03-26 | CVE-2019-9744 | Session Fixation vulnerability in Phoenixcontact products An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. | 8.8 |
| 2019-03-26 | CVE-2019-9743 | Command Injection vulnerability in Phoenixcontact products An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. | 8.8 |
| 2019-02-26 | CVE-2019-9201 | Missing Authentication for Critical Function vulnerability in Phoenixcontact products Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | 9.8 |
| 2018-05-17 | CVE-2018-10731 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Phoenixcontact products All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). | 9.0 |
| 2018-05-17 | CVE-2018-10730 | OS Command Injection vulnerability in Phoenixcontact products All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. | 9.1 |
| 2018-05-17 | CVE-2018-10729 | Information Exposure vulnerability in Phoenixcontact products All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. | 5.3 |
| 2018-05-17 | CVE-2018-10728 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Phoenixcontact products All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). | 8.1 |
| 2018-04-05 | CVE-2016-8380 | Improper Authentication vulnerability in Phoenixcontact ILC Plcs Firmware The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | 7.3 |
| 2018-04-05 | CVE-2016-8371 | Improper Authentication vulnerability in Phoenixcontact ILC Plcs Firmware The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | 7.3 |