
CVE-2016-8366 – Phoenix Contact WebVisit 6.40.00 - Password Disclosure
https://notcve.org/view.php?id=CVE-2016-8366
05 Apr 2018 — Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. • https://packetstorm.news/files/id/149763 • CWE-255: Credentials Management Errors CWE-312: Cleartext Storage of Sensitive Information •

CVE-2016-8371 – Phoenix Contact WebVisit 2985725 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-8371
05 Apr 2018 — The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. Phoenix Contact WebVisit 2985725 suffers from an authentication bypass vulnerability. • https://packetstorm.news/files/id/149776 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •

CVE-2016-8380 – Phoenix Contact WebVisit 2985725 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-8380
05 Apr 2018 — The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. Phoenix Contact WebVisit 2985725 suffers from an authentication bypass vulnerability. • https://packetstorm.news/files/id/149776 • CWE-287: Improper Authentication CWE-767: Access to Critical Private Variable via Public Method •

CVE-2018-5441
https://notcve.org/view.php?id=CVE-2018-5441
30 Jan 2018 — An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. • http://www.securityfocus.com/bid/102907 • CWE-20: Improper Input Validation CWE-354: Improper Validation of Integrity Check Value •

CVE-2017-16741
https://notcve.org/view.php?id=CVE-2017-16741
12 Jan 2018 — An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. • https://cert.vde.com/en-us/advisories/vde-2017-006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-16743
https://notcve.org/view.php?id=CVE-2017-16743
12 Jan 2018 — An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device. • https://cert.vde.com/en-us/advisories/vde-2017-006 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •

CVE-2017-16723
https://notcve.org/view.php?id=CVE-2017-16723
11 Dec 2017 — A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. • http://www.securityfocus.com/bid/102111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-10053 – OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
https://notcve.org/view.php?id=CVE-2017-10053
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Ja... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2017-10078 – OpenJDK: Nashorn incompletely blocking access to Java APIs (Scripting, 8171539)
https://notcve.org/view.php?id=CVE-2017-10078
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE ... • http://www.debian.org/security/2017/dsa-3919 •