Filtered by vendor Phoenixcontact
Subscriptions
Total
108 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-34582 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2024-09-16 | 4.8 Medium |
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | ||||
CVE-2016-8371 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-09-16 | N/A |
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | ||||
CVE-2022-29898 | 1 Phoenixcontact | 6 Rad-ism-900-en-bd, Rad-ism-900-en-bd-bus, Rad-ism-900-en-bd-bus Firmware and 3 more | 2024-09-16 | 9.1 Critical |
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware. | ||||
CVE-2020-12523 | 1 Phoenixcontact | 18 Fl Mguard Rs4004 Tx\/dtx, Fl Mguard Rs4004 Tx\/dtx Firmware, Fl Mguard Rs4004 Tx\/dtx Vpn and 15 more | 2024-09-16 | 5.4 Medium |
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource | ||||
CVE-2022-31801 | 2 Phoenixcontact, Phoenixcontact-software | 3 Multiprog, Proconos, Proconos Eclr | 2024-09-16 | 9.8 Critical |
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | ||||
CVE-2019-9201 | 1 Phoenixcontact | 16 Axc 1050, Axc 1050 Firmware, Ilc 131 Eth and 13 more | 2024-09-16 | 9.8 Critical |
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | ||||
CVE-2021-34598 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2024-09-16 | 7.5 High |
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active | ||||
CVE-2021-34597 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2024-09-16 | 7.8 High |
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | ||||
CVE-2022-31800 | 1 Phoenixcontact | 34 Axc 1050, Axc 1050 Firmware, Axc 1050 Xc and 31 more | 2024-09-16 | 9.8 Critical |
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. | ||||
CVE-2024-3913 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2024-09-13 | 7.5 High |
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. | ||||
CVE-2024-7734 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 5.3 Medium |
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers. | ||||
CVE-2024-7699 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. | ||||
CVE-2024-43385 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. | ||||
CVE-2024-43386 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. | ||||
CVE-2024-43387 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. | ||||
CVE-2024-43388 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation. | ||||
CVE-2024-6788 | 1 Phoenixcontact | 4 Charx Sec 3000, Charx Sec 3050, Charx Sec 3100 and 1 more | 2024-08-13 | 8.6 High |
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. | ||||
CVE-2017-16723 | 1 Phoenixcontact | 26 Fl Com Server Rs232, Fl Com Server Rs232 Firmware, Fl Com Server Rs485 and 23 more | 2024-08-05 | N/A |
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. | ||||
CVE-2017-16743 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-08-05 | N/A |
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device. | ||||
CVE-2017-16741 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-08-05 | N/A |
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. |