Vulnerabilities > Phoenixcontact > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-09 | CVE-2023-37857 | Unspecified vulnerability in Phoenixcontact products. In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. | 7.2 |
2023-08-09 | CVE-2023-37859 | Unspecified vulnerability in Phoenixcontact products. In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, the SNMP daemon is running with root privileges, allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | 7.2 |
2022-11-09 | CVE-2021-34579 | Unspecified vulnerability in Phoenixcontact FL Mguard DM 1.12.0/1.13.0. In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0, access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). | 7.5 |
2022-02-02 | CVE-2022-22509 | Improper Privilege Management vulnerability in Phoenixcontact products. In Phoenix Contact FL SWITCH Series 2xxx in version 3.00, an incorrect privilege assignment allows a low-privileged user to enable full access to the device configuration. | 8.8 |
2021-09-27 | CVE-2021-34570 | Unspecified vulnerability in Phoenixcontact products. Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests. | 7.5 |
2021-06-25 | CVE-2021-21002 | Unspecified vulnerability in Phoenixcontact products. In Phoenix Contact FL COMSERVER UNI in versions < 2.40, an invalid Modbus exception response can lead to a temporary denial of service. | 7.5 |
2021-06-25 | CVE-2021-21005 | Unspecified vulnerability in Phoenixcontact products. In Phoenix Contact FL SWITCH SMCS series products in multiple versions, if an attacker sends a hand-crafted TCP packet with the Urgent flag set and the Urgent pointer set to 0, the network stack will crash. | 7.5 |
2021-06-25 | CVE-2021-33540 | Unspecified vulnerability in Phoenixcontact products. In certain devices of the Phoenix Contact AXL F BK and IL BK product families, an undocumented, password-protected FTP access to the root directory exists. | 7.3 |
2021-06-25 | CVE-2021-33541 | Unspecified vulnerability in Phoenixcontact Ilc1X0 Firmware and Ilc1X1 Firmware. Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a denial-of-service vulnerability. | 7.5 |
2021-06-25 | CVE-2021-33542 | Unspecified vulnerability in Phoenixcontact Config+ and PC Worx Express. Phoenix Contact Classic Automation Worx Software Suite in version 1.87 and below is affected by a remote code execution vulnerability. | 7.0 |