CVE-2023-0757 – Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2023-0757
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. • https://cert.vde.com/en/advisories/VDE-2023-051 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-3935 – Wibu: Buffer Overflow in CodeMeter Runtime
https://notcve.org/view.php?id=CVE-2023-3935
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf https://cert.vde.com/en/advisories/VDE-2023-030 https://cert.vde.com/en/advisories/VDE-2023-031 • CWE-787: Out-of-bounds Write
CVE-2023-37858 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37858
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to decrypt an encrypted web application login password. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-311: Missing Encryption of Sensitive Data
CVE-2023-37857 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37857
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. These session cookies created by the attacker are not sufficient to obtain a valid session on the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-798: Use of Hard-coded Credentials
CVE-2023-37855 – PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37855
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem within the embedded Qt browser. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere