Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phoenixcontact vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5592
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote malicious user to download and execute applications without integrity checks on the device which may result in a complete loss...
Phoenixcontact Multiprog
Phoenixcontact Proconos Eclr
4.3
CVSSv2
CVE-2019-18352
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security.
Phoenixcontact Fl Nat 2208 Firmware
Phoenixcontact Fl Nat 2304-2gc-2sfp Firmware
4.6
CVSSv2
CVE-2020-10940
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER up to and including 3.0.7 when installed to run as a service.
Phoenixcontact Portico Server 16 Client
Phoenixcontact Portico Server 1 Client
Phoenixcontact Portico Server 4 Client
6.8
CVSSv2
CVE-2020-12497
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and previous versions can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
Phoenixcontact Pc Worx
Phoenixcontact Pc Worx Express
6.8
CVSSv2
CVE-2020-12498
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and previous versions is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
Phoenixcontact Pc Worx
Phoenixcontact Pc Worx Express
6.8
CVSSv2
CVE-2021-34597
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
Phoenixcontact Pc Worx
Phoenixcontact Pc Worx Express
7.5
CVSSv2
CVE-2014-9195
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote malicious users to execute arbitrary commands via protocol-compliant traffic.
Phoenixcontact-software Multiprog 5.0
Phoenixcontact-software Proconos Eclr
1 EDB exploit
5
CVSSv2
CVE-2021-21002
In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.
Phoenixcontact Fl Comserver Uni 232\\/422\\/485 Firmware
Phoenixcontact Fl Comserver Uni 232\\/422\\/485-t Firmware
NA
CVE-2021-34579
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web se...
Phoenixcontact Fl Mguard Dm 1.12.0
Phoenixcontact Fl Mguard Dm 1.13.0
9
CVSSv2
CVE-2019-9743
An issue exists on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
Phoenixcontact Rad-80211-xd\\/hp-bus Firmware -
Phoenixcontact Rad-80211-xd Firmware -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »