CVE-2019-9201
https://notcve.org/view.php?id=CVE-2019-9201
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. • https://cert.vde.com/en/advisories/VDE-2019-015 https://medium.com/%40SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561 • CWE-306: Missing Authentication for Critical Function
CVE-2018-10728
https://notcve.org/view.php?id=CVE-2018-10728
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). • http://www.securityfocus.com/bid/104231 https://cert.vde.com/de-de/advisories/vde-2018-006 https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10731
https://notcve.org/view.php?id=CVE-2018-10731
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). • http://www.securityfocus.com/bid/104231 https://cert.vde.com/de-de/advisories/vde-2018-007 https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10729
https://notcve.org/view.php?id=CVE-2018-10729
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. • http://www.securityfocus.com/bid/104231 https://cert.vde.com/de-de/advisories/vde-2018-005 https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10730
https://notcve.org/view.php?id=CVE-2018-10730
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. • http://www.securityfocus.com/bid/104231 https://cert.vde.com/de-de/advisories/vde-2018-004 https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')