CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8768
https://notcve.org/view.php?id=CVE-2020-8768
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. Se detectó un problema en Phoenix Contact Emalytics Controller ILC 2050 BI versiones anteriores a 1.2.3 y BI-L versiones anteriores a 1.2.3. Se presenta un mecanismo no seguro para el acceso de lectura y escritura a la configuración del dispositivo. • https://cert.vde.com/de-de/advisories/vde-2020-001 https://www.us-cert.gov/ics/advisories/icsa-20-063-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2019-16675 – Phoenix Contact Automationworx MWT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-16675
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. Se detectó un problema en PHOENIX CONTACT PC Worx versiones hasta 1.86, PC Worx Express versiones hasta 1.86 y Config+ versiones hasta 1.86. • https://cert.vde.com/en-us/advisories https://www.us-cert.gov/ics/advisories/icsa-19-302-01 https://www.zerodayinitiative.com/advisories/ZDI-19-922 https://www.zerodayinitiative.com/advisories/ZDI-19-991 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-12869 – Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12869
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó un problema en PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config+ hasta la versión 1.86 de PHOENIX CONTACT. • https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-579 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-12870 – Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12870
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó un problema en PHOENIX CONTACT PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config + hasta la versión 1.86. • https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-575 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-12871 – Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12871
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detecto un problema en PHOENIX CONTACT PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config+ hasta la versión 1.86. • https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-578 • CWE-416: Use After Free •