Vulnerabilities > Phoenixcontact > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-08 | CVE-2023-3570 | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | 8.8 |
| 2023-08-08 | CVE-2023-3571 | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device. | 8.8 |
| 2023-08-08 | CVE-2023-3573 | OS Command Injection vulnerability in Phoenixcontact products In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. | 8.8 |
| 2023-04-17 | CVE-2023-1109 | Unspecified vulnerability in Phoenixcontact products In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. | 8.8 |
| 2022-11-15 | CVE-2022-3461 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Phoenixcontact Automationworx Software Suite 1.89 In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. | 7.8 |
| 2022-11-15 | CVE-2022-3480 | Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. | 7.5 |
| 2022-11-15 | CVE-2022-3737 | Out-of-bounds Read vulnerability in Phoenixcontact Automationworx Software Suite 1.89 In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. | 7.8 |
| 2022-11-09 | CVE-2021-34579 | Unspecified vulnerability in Phoenixcontact FL Mguard DM 1.12.0/1.13.0 In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). | 7.5 |
| 2021-09-27 | CVE-2021-34570 | Improper Input Validation vulnerability in Phoenixcontact products Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. | 7.8 |
| 2021-06-25 | CVE-2021-21005 | Race Condition vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. | 7.8 |