CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10998
https://notcve.org/view.php?id=CVE-2019-10998
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. Se descubrió un problema en el Phoenix Contact AXC F 2152 (No.2404267) antes de 2019.0 LTS y AXC F 2152 STARTERKIT (No.1046568) antes de los dispositivos 2019.0 LTS. El acceso físico ilimitado al PLC puede conducir a una manipulación de los datos de las tarjetas SD. • https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10997
https://notcve.org/view.php?id=CVE-2019-10997
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell. Se descubrió un problema en el Phoenix Contact AXC F 2152 (No.2404267) antes de 2019.0 LTS y AXC F 2152 STARTERKIT (No.1046568) antes de los dispositivos 2019.0 LTS. Fuzzing de protocolo en PC WORX Ingeniero de un hombre en el atacante central detiene el servicio de PLC. • https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2018-13994
https://notcve.org/view.php?id=CVE-2018-13994
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. La interfaz web de usuario de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones desde 1.0 hasta 1.34, es vulnerable a un ataque de denegación de servicio al realizar mas de 120 conexiones. • http://www.securityfocus.com/bid/106737 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 58EXPL: 0CVE-2018-13993
https://notcve.org/view.php?id=CVE-2018-13993
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. El WebUI de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones 1.0 a 1.34 es propenso a CSRF • http://www.securityfocus.com/bid/106737 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0CVE-2018-13992
https://notcve.org/view.php?id=CVE-2018-13992
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. El WebUI de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones 1.0 a 1.34 permite la transmisión de texto plano (HTTP) de las credenciales de usuario por defecto. • http://www.securityfocus.com/bid/106737 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 • CWE-311: Missing Encryption of Sensitive Data •