3 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. El servidor web de los PLC Phoenix Contact ILC puede ser accedido sin autenticación incluso aunque el mecanismo de autenticación esté habilitado. Phoenix Contact WebVisit 2985725 suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/45590 http://www.securityfocus.com/bid/94163 https://ics-cert.us-cert.gov/advisories/ICSA-313-01 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •

CVSS: 7.3EPSS: 1%CPEs: 2EXPL: 1

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. Webvisit en los PLC de Phoenix Contact ILC ofrece una macro de contraseña para proteger las páginas HMI en el PLC contra la apertura casual o intencionada de páginas HMI por parte del usuario. La macro de contraseña puede configurarse de forma que la contraseña se almacena y transfiere en texto claro. Phoenix Contact WebVisit version 6.40.00 suffers from a password disclosure vulnerability. • https://www.exploit-db.com/exploits/45586 http://www.securityfocus.com/bid/94163 https://ics-cert.us-cert.gov/advisories/ICSA-313-01 • CWE-255: Credentials Management Errors CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. El servidor web en los PLC Phoenix Contact ILC permite el acceso a las variables PLC de lectura y escritura sin autenticación. Phoenix Contact WebVisit 2985725 suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/45590 http://www.securityfocus.com/bid/94163 https://ics-cert.us-cert.gov/advisories/ICSA-313-01 • CWE-287: Improper Authentication CWE-767: Access to Critical Private Variable via Public Method •