Vulnerabilities > Phoenixcontact > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-7698 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Phoenixcontact products. A low-privileged remote attacker can get access to CSRF tokens of higher-privileged users, which can be abused to mount CSRF attacks. | 5.7 |
2024-09-10 | CVE-2024-7734 | Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products. An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. | 5.3 |
2024-08-13 | CVE-2024-3913 | Files or Directories Accessible to External Parties vulnerability in Phoenixcontact products. An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file that is writable for a short time after system startup. | 5.3 |
2023-08-09 | CVE-2023-37856 | Unspecified vulnerability in Phoenixcontact products. In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem through a configuration dialog within the embedded Qt browser. | 4.3 |
2023-08-09 | CVE-2023-37858 | Unspecified vulnerability in Phoenixcontact products. In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated remote attacker with admin privileges is able to read hardcoded cryptographic keys, which allows decryption of an encrypted web application login password. | 4.9 |
2021-11-10 | CVE-2021-34582 | Unspecified vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware. In Phoenix Contact FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1 and 1.5.0, a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | 4.8 |
2021-06-25 | CVE-2021-21003 | Unspecified vulnerability in Phoenixcontact products. In Phoenix Contact FL SWITCH SMCS series products in multiple versions, fragmented TCP packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. | 5.3 |
2021-06-25 | CVE-2021-21004 | Cross-site Scripting vulnerability in Phoenixcontact products. In Phoenix Contact FL SWITCH SMCS series products in multiple versions, an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. | 6.1 |
2020-12-17 | CVE-2020-12521 | Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware. On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | 6.5 |
2020-12-17 | CVE-2020-12518 | Information Exposure vulnerability in Phoenixcontact Plcnext Firmware. On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | 5.5 |