CVE-2022-31801 – Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
https://notcve.org/view.php?id=CVE-2022-31801
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. • https://cert.vde.com/en/advisories/VDE-2022-026 • CWE-345: Insufficient Verification of Data Authenticity
CVE-2014-9195 – Phoenix Contact ILC 150 ETH PLC - Remote Control Script
https://notcve.org/view.php?id=CVE-2014-9195
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. Phoenix Contact programmable logic controllers are built upon a variant of ProConOS and communicate using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. The protocol allows a remote user to read out the PLC type, firmware and build number on port TCP/1962. • https://www.exploit-db.com/exploits/37066 https://ics-cert.us-cert.gov/advisories/ICSA-15-013-03 • CWE-255: Credentials Management Errors