CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2023-46143 – Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC
https://notcve.org/view.php?id=CVE-2023-46143
14 Dec 2023 — Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. La vulnerabilidad de descarga de código sin verificación de integridad en los PLC de la línea clásica de PHOENIX CONTACT permite que un atacante remoto no autenticado modifique algunas o todas las aplicaciones en un PLC. • https://cert.vde.com/en/advisories/VDE-2023-057 • CWE-494: Download of Code Without Integrity Check •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2023-46141 – Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2023-46141
14 Dec 2023 — Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device. La asignación de permisos incorrecta para una vulnerabilidad de recursos críticos en varios productos de la línea clásica de PHOENIX CONTACT permite que un atacante remoto no autenticado obtenga acceso completo al dispositivo afectado. • https://cert.vde.com/en/advisories/VDE-2023-055 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3461 – Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite
https://notcve.org/view.php?id=CVE-2022-3461
15 Nov 2022 — In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. En PHOENIX CONTACT Automationworx Software Suite hasta la versión 1.89, los archivos PC Worx o Config+ manipulados podían provocar un desbordamiento del búfer de pila y una violación del acceso ... • https://cert.vde.com/en/advisories/VDE-2022-048 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3737 – Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite
https://notcve.org/view.php?id=CVE-2022-3737
15 Nov 2022 — In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. En PHOENIX CONTACT Automationworx Software Suite hasta la versión 1.89 la memoria puede leerse más allá de lo previsto debido a una validación insuficiente de los datos de entrada. La disponibilidad, la int... • https://cert.vde.com/en/advisories/VDE-2022-048 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12869 – Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12869
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó... • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12870 – Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12870
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó un problema en PHOENI... • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-12871 – Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12871
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detecto un problema en PHOENIX CONTAC... • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-416: Use After Free •