
CVE-2023-46144 – PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check
https://notcve.org/view.php?id=CVE-2023-46144
14 Dec 2023 — A download of code without integrity check vulnerability in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. • https://cert.vde.com/en/advisories/VDE-2023-056 • CWE-494: Download of Code Without Integrity Check •

CVE-2023-46143 – Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC
https://notcve.org/view.php?id=CVE-2023-46143
14 Dec 2023 — Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. • https://cert.vde.com/en/advisories/VDE-2023-057 • CWE-494: Download of Code Without Integrity Check •

CVE-2023-46142 – PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control
https://notcve.org/view.php?id=CVE-2023-46142
14 Dec 2023 — An incorrect permission assignment for critical resource vulnerability in PLCnext products allows a remote attacker with low privileges to gain full access on the affected devices. • https://cert.vde.com/en/advisories/VDE-2023-056 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-46141 – Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2023-46141
14 Dec 2023 — Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device. • https://cert.vde.com/en/advisories/VDE-2023-055 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-5592 – Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check
https://notcve.org/view.php?id=CVE-2023-5592
14 Dec 2023 — Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity. • https://cert.vde.com/en/advisories/VDE-2023-054 • CWE-494: Download of Code Without Integrity Check •

CVE-2023-0757 – Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2023-0757
14 Dec 2023 — Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. • https://cert.vde.com/en/advisories/VDE-2023-051 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-3935 – Wibu: Buffer Overflow in CodeMeter Runtime
https://notcve.org/view.php?id=CVE-2023-3935
13 Sep 2023 — A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf • CWE-787: Out-of-bounds Write •

CVE-2023-37858 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37858
09 Aug 2023 — In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, which allows decrypting an encrypted web application login password. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2023-37857 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37857
09 Aug 2023 — In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. These session cookies created by the attacker are not sufficient to obtain a valid session on the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-798: Use of Hard-coded Credentials •

CVE-2023-37855 – PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37855
09 Aug 2023 — In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem within the embedded Qt browser. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •