
CVE-2023-5592 – Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check
https://notcve.org/view.php?id=CVE-2023-5592
14 Dec 2023 — Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity. • https://cert.vde.com/en/advisories/VDE-2023-054 • CWE-494: Download of Code Without Integrity Check

CVE-2023-0757 – Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2023-0757
14 Dec 2023 — Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. • https://cert.vde.com/en/advisories/VDE-2023-051 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2022-31801 – Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
https://notcve.org/view.php?id=CVE-2022-31801
21 Jun 2022 — An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. • https://cert.vde.com/en/advisories/VDE-2022-026 • CWE-345: Insufficient Verification of Data Authenticity

CVE-2014-9195 – Phoenix Contact ILC 150 ETH PLC - Remote Control Script
https://notcve.org/view.php?id=CVE-2014-9195
17 Jan 2015 — Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. Communicating using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547... • https://packetstorm.news/files/id/180781 • CWE-255: Credentials Management Errors