Vulnerabilities > Phoenixcontact > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-21 | CVE-2020-12499 | Path Traversal vulnerability in Phoenixcontact Plcnext Engineer 202031 In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | 4.4 |
| 2020-07-01 | CVE-2020-12498 | Out-of-bounds Read vulnerability in Phoenixcontact PC Worx and PC Worx Express mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. | 6.8 |
| 2020-03-27 | CVE-2020-10940 | Improper Privilege Management vulnerability in Phoenixcontact products Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | 4.6 |
| 2020-03-27 | CVE-2020-10939 | Improper Privilege Management vulnerability in Phoenixcontact PC Worx SRT Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | 4.6 |
| 2020-03-12 | CVE-2020-9435 | Use of Hard-coded Credentials vulnerability in Phoenixcontact products PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. | 5.0 |
| 2020-02-18 | CVE-2019-18352 | Unspecified vulnerability in Phoenixcontact products Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. | 4.3 |
| 2019-10-31 | CVE-2019-16675 | Out-of-bounds Read vulnerability in Phoenixcontact Config+ and PC Worx An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. | 6.8 |
| 2019-06-24 | CVE-2019-12870 | Access of Uninitialized Pointer vulnerability in Phoenixcontact Automationworx Software Suite An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. | 6.8 |
| 2019-06-24 | CVE-2019-12869 | Out-of-bounds Read vulnerability in Phoenixcontact Automationworx Software Suite An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. | 6.8 |
| 2019-06-24 | CVE-2019-12871 | Use After Free vulnerability in Phoenixcontact Automationworx Software Suite An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. | 6.8 |