CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-3572 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-3572
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-3571 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-3571
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-3573 – PHOENIX CONTACT: Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-3573
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2023-2673 – PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation
https://notcve.org/view.php?id=CVE-2023-2673
Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. • https://cert.vde.com/en/advisories/VDE-2023-010 • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1109 – PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
https://notcve.org/view.php?id=CVE-2023-1109
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. • https://cert.vde.com/en/advisories/VDE-2023-003 https://github.com/advisories/GHSA-w923-8w64-f5gh • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •