Vulnerabilities > Phoenixcontact > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-04 | CVE-2021-34597 | Improper Input Validation vulnerability in Phoenixcontact PC Worx and PC Worx Express Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | 6.8 |
| 2021-06-25 | CVE-2021-21002 | Missing Release of Resource after Effective Lifetime vulnerability in Phoenixcontact products In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service. | 5.0 |
| 2021-06-25 | CVE-2021-21003 | Improper Resource Shutdown or Release vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. | 5.0 |
| 2021-06-25 | CVE-2021-21004 | Cross-site Scripting vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. | 4.3 |
| 2021-06-25 | CVE-2021-33542 | Access of Uninitialized Pointer vulnerability in Phoenixcontact Config+ and PC Worx Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. | 5.1 |
| 2020-12-17 | CVE-2020-12523 | Missing Initialization of Resource vulnerability in Phoenixcontact products On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. | 6.4 |
| 2020-12-17 | CVE-2020-12521 | Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | 6.1 |
| 2020-12-17 | CVE-2020-12518 | Information Exposure vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | 5.0 |
| 2020-12-17 | CVE-2020-12517 | Cross-site Scripting vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | 6.0 |
| 2020-12-02 | CVE-2020-12524 | Resource Exhaustion vulnerability in Phoenixcontact products Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | 5.0 |