CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10939
https://notcve.org/view.php?id=CVE-2020-10939
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. Permisos de ruta predeterminados y no seguros en PHOENIX CONTACT PC WORX SRT versiones hasta 1.14, permiten una escalada de privilegios local. • https://cert.vde.com/en-us/advisories/vde-2020-012 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 2CVE-2020-9435 – Phoenix Contact TC Router / TC Cloud Client Command Injection
https://notcve.org/view.php?id=CVE-2020-9435
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation. PHOENIX CONTACT TC ROUTER 3002T-4G versiones hasta 2.05.3, TC ROUTER 2002T-3G versiones hasta 2.05.3, TC ROUTER 3002T-4G VZW versiones hasta 2.05.3, TC ROUTER 3002T-4G ATT versiones hasta 2.05.3, TC CLOUD CLIENTE 1002-4G versiones hasta 2.03.17, y los dispositivos TC CLOUD CLIENTE 1002-TXTX versiones hasta 1.03.17, contienen un certificado embebido (y clave) que es usado por defecto para los servicios basados ??en web en el dispositivo. Los ataques de suplantación, de tipo man-in-the-middle o de descifrado pasivo son posibles si el certificado genérico no es reemplazado por un certificado específico del dispositivo durante la instalación. • http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html http://seclists.org/fulldisclosure/2020/Mar/15 https://cert.vde.com/en-us/advisories https://cert.vde.com/en-us/advisories/vde-2020-003 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 13%CPEs: 12EXPL: 2CVE-2020-9436 – Phoenix Contact TC Router / TC Cloud Client Command Injection
https://notcve.org/view.php?id=CVE-2020-9436
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. PHOENIX CONTACT TC ROUTER 3002T-4G versiones hasta 2.05.3, TC ROUTER 2002T-3G versiones hasta 2.05.3, TC ROUTER 3002T-4G VZW versiones hasta 2.05.3, TC ROUTER 3002T-4G ATT versiones hasta 2.05.3, TC CLOUD CLIENTE 1002-4G versiones hasta 2.03.17, y los dispositivos TC CLOUD CLIENTE 1002-TXTX versiones hasta 1.03.17, permiten a usuarios autenticados inyectar comandos del sistema por medio de una petición POST modificada en una URL específica. Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. • http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html http://seclists.org/fulldisclosure/2020/Mar/15 https://cert.vde.com/en-us/advisories https://cert.vde.com/en-us/advisories/vde-2020-003 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16994
https://notcve.org/view.php?id=CVE-2018-16994
An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required. Se descubrió un problema en PHOENIX CONTACT AXL F BK PN anterior o igual 1.0.4, AXL F BK ETH anterior o igual 1.12 y dispositivos AXL F BK ETH XC anterior o igual 1.11 y Bosch Rexroth S20-ETH-BK y Rexroth S20-PN-BK + (los acopladores de bus de campo S20-PN-BK + / S20-ETH-BK vendidos por Bosch Rexroth contienen tecnología de Phoenix Contact). El manejo incorrecto de una solicitud con símbolos no estándar permite a los atacantes remotos iniciar un bloqueo completo del acoplador del bus. • https://psirt.bosch.com/security-advisories/bosch-sa-645125.html https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advirory_CVE-2018-16994.pdf •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2019-18352
https://notcve.org/view.php?id=CVE-2019-18352
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. Se presenta un control de acceso inapropiado en los dispositivos PHOENIX CONTACT FL NAT 2208 versiones anteriores a V2.90 y los dispositivos FL NAT 2304-2GC-2SFP versiones anteriores a V2.90, cuando se usa la seguridad de puerto basada en MAC. • https://cert.vde.com/de-de/advisories/vde-2019-020 •