CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31801 – Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
https://notcve.org/view.php?id=CVE-2022-31801
21 Jun 2022 — An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. Un atacante remoto no autenticado podría cargar lógica maliciosa en los dispositivos basados en ProConOS/ProConOS eCLR para conseguir el control total del dispositivo • https://cert.vde.com/en/advisories/VDE-2022-026 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 5%CPEs: 7EXPL: 3CVE-2014-9195 – Phoenix Contact ILC 150 ETH PLC - Remote Control Script
https://notcve.org/view.php?id=CVE-2014-9195
17 Jan 2015 — Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. Phoenix Contact ProConOs y MultiProg no requieren autenticación, lo que permite a atacantes remotos ejecutar comandos arbitrarios a través de trafico conforme con el protocolo. PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. Communicating using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547... • https://packetstorm.news/files/id/180781 • CWE-255: Credentials Management Errors •