
CVE-2020-8768
https://notcve.org/view.php?id=CVE-2020-8768
17 Feb 2020 — An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. • https://cert.vde.com/de-de/advisories/vde-2020-001 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2019-16675 – Phoenix Contact Automationworx MWT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-16675
31 Oct 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. • https://cert.vde.com/en-us/advisories • CWE-125: Out-of-bounds Read

CVE-2019-12869 – Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12869
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-125: Out-of-bounds Read

CVE-2019-12870 – Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12870
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-824: Access of Uninitialized Pointer

CVE-2019-12871 – Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12871
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-416: Use After Free

CVE-2019-10998
https://notcve.org/view.php?id=CVE-2019-10998
18 Jun 2019 — An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity. • https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf • CWE-287: Improper Authentication

CVE-2019-10997
https://notcve.org/view.php?id=CVE-2019-10997
17 Jun 2019 — An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell. • https://dam-mdc.phoenixcontact.com/asset/156443151564/fa7be4d04c301f18c6cc0e0872193a42/Security_Advisory_AXC_F_2152_FW.pdf

CVE-2018-13994
https://notcve.org/view.php?id=CVE-2018-13994
07 May 2019 — The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. • http://www.securityfocus.com/bid/106737 • CWE-400: Uncontrolled Resource Consumption

CVE-2018-13993
https://notcve.org/view.php?id=CVE-2018-13993
07 May 2019 — The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. • http://www.securityfocus.com/bid/106737 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-13992
https://notcve.org/view.php?id=CVE-2018-13992
07 May 2019 — The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. • http://www.securityfocus.com/bid/106737 • CWE-311: Missing Encryption of Sensitive Data