Vulnerabilities > Phoenixcontact > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-7698 Improper Cross-boundary Removal of Sensitive Data vulnerability in Phoenixcontact products
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
network
low complexity
phoenixcontact CWE-212
5.7
2024-09-10 CVE-2024-7734 Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to it.
network
low complexity
phoenixcontact CWE-770
5.3
2024-08-13 CVE-2024-3913 Files or Directories Accessible to External Parties vulnerability in Phoenixcontact products
An unauthenticated remote attacker can use this vulnerability to change the device configuration because a file is writable for a short time after system startup.
high complexity
phoenixcontact CWE-552
5.3
2023-12-14 CVE-2023-46144 Download of Code Without Integrity Check vulnerability in Phoenixcontact products
A download of code without integrity check vulnerability in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
network
low complexity
phoenixcontact CWE-494
6.5
2023-08-09 CVE-2023-37855 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem within the embedded Qt browser.
network
low complexity
phoenixcontact CWE-610
4.3
2023-08-09 CVE-2023-37856 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem through a configuration dialog within the embedded Qt browser.
network
low complexity
phoenixcontact CWE-610
4.3
2023-08-09 CVE-2023-37858 Missing Encryption of Sensitive Data vulnerability in Phoenixcontact products
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated remote attacker with admin privileges is able to read hardcoded cryptographic keys, which allows decryption of an encrypted web application login password.
network
low complexity
phoenixcontact CWE-311
4.9
2023-08-08 CVE-2023-3569 XML Entity Expansion vulnerability in Phoenixcontact products
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
network
low complexity
phoenixcontact CWE-776
4.9
2023-06-13 CVE-2023-2673 Improper Validation of Specified Type of Input vulnerability in Phoenixcontact products
Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.
network
low complexity
phoenixcontact CWE-1287
5.3
2021-11-10 CVE-2021-34598 Memory Leak vulnerability in Phoenixcontact FL Mguard 1102 Firmware and FL Mguard 1105 Firmware
In Phoenix Contact FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1 and 1.5.0, the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active.
4.3