Vulnerabilities > Phoenixcontact > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-25 | CVE-2021-33541 | Unspecified vulnerability in Phoenixcontact Ilc1X0 Firmware and Ilc1X1 Firmware Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. | 7.5 |
| 2021-06-25 | CVE-2021-33542 | Unspecified vulnerability in Phoenixcontact Config+ and PC Worx Express Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. | 7.0 |
| 2020-12-02 | CVE-2020-12524 | Resource Exhaustion vulnerability in Phoenixcontact products Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | 7.5 |
| 2020-07-21 | CVE-2020-12499 | Path Traversal vulnerability in Phoenixcontact Plcnext Engineer 202031 In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | 7.3 |
| 2020-07-01 | CVE-2020-12498 | Out-of-bounds Read vulnerability in Phoenixcontact PC Worx and PC Worx Express mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. | 7.8 |
| 2020-07-01 | CVE-2020-12497 | Out-of-bounds Write vulnerability in Phoenixcontact PC Worx and PC Worx Express PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. | 7.8 |
| 2020-03-27 | CVE-2020-10940 | Improper Privilege Management vulnerability in Phoenixcontact products Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | 7.8 |
| 2020-03-27 | CVE-2020-10939 | Incorrect Default Permissions vulnerability in Phoenixcontact PC Worx SRT Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | 7.8 |
| 2020-03-12 | CVE-2020-9436 | OS Command Injection vulnerability in Phoenixcontact products PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. | 8.8 |
| 2020-03-12 | CVE-2020-9435 | Use of Hard-coded Credentials vulnerability in Phoenixcontact products PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. | 7.5 |