CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-3572 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-3572
08 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-3571 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-3571
08 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2023-3573 – PHOENIX CONTACT: Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-3573
08 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2023-2673 – PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation
https://notcve.org/view.php?id=CVE-2023-2673
13 Jun 2023 — Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. • https://cert.vde.com/en/advisories/VDE-2023-010 • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1109 – PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
https://notcve.org/view.php?id=CVE-2023-1109
17 Apr 2023 — In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. • https://cert.vde.com/en/advisories/VDE-2023-003 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3461 – Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite
https://notcve.org/view.php?id=CVE-2022-3461
15 Nov 2022 — In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. En PHOENIX CONTACT Automationworx Software Suite hasta la versión 1.89, los archivos PC Worx o Config+ manipulados podían provocar un desbordamiento del búfer de pila y una violación del acceso ... • https://cert.vde.com/en/advisories/VDE-2022-048 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3737 – Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite
https://notcve.org/view.php?id=CVE-2022-3737
15 Nov 2022 — In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. En PHOENIX CONTACT Automationworx Software Suite hasta la versión 1.89 la memoria puede leerse más allá de lo previsto debido a una validación insuficiente de los datos de entrada. La disponibilidad, la int... • https://cert.vde.com/en/advisories/VDE-2022-048 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0CVE-2022-3480 – Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family
https://notcve.org/view.php?id=CVE-2022-3480
15 Nov 2022 — A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue. Un atacante remoto no autenticado podría provocar una Denegación de Servicio (DoS) de los dispositivos PHOENIX CONTACT FL MGUARD y TC MGUARD inferiores a la versión 8.9.0 al enviar una mayor ... • https://cert.vde.com/en/advisories/VDE-2022-051 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34579 – PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management
https://notcve.org/view.php?id=CVE-2021-34579
09 Nov 2022 — In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. En Phoenix Contact: FL MGUA... • https://cert.vde.com/en/advisories/VDE-2021-035 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2022-31801 – Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
https://notcve.org/view.php?id=CVE-2022-31801
21 Jun 2022 — An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. Un atacante remoto no autenticado podría cargar lógica maliciosa en los dispositivos basados en ProConOS/ProConOS eCLR para conseguir el control total del dispositivo • https://cert.vde.com/en/advisories/VDE-2022-026 • CWE-345: Insufficient Verification of Data Authenticity •