Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phoenixcontact vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2022-29897
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.
Phoenixcontact Rad-ism-900-en-bd Firmware
Phoenixcontact Rad-ism-900-en-bd\\/b Firmware
Phoenixcontact Rad-ism-900-en-bd-bus Firmware
9
CVSSv2
CVE-2022-29898
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
Phoenixcontact Rad-ism-900-en-bd Firmware
Phoenixcontact Rad-ism-900-en-bd\\/b Firmware
Phoenixcontact Rad-ism-900-en-bd-bus Firmware
6
CVSSv2
CVE-2020-12517
On Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
Phoenixcontact Plcnext Firmware
5
CVSSv2
CVE-2020-12518
On Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
Phoenixcontact Plcnext Firmware
10
CVSSv2
CVE-2020-12519
On Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
Phoenixcontact Plcnext Firmware
6.1
CVSSv2
CVE-2020-12521
On Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.
Phoenixcontact Plcnext Firmware
5
CVSSv2
CVE-2016-8366
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
7.5
CVSSv2
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
7.5
CVSSv2
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
NA
CVE-2023-3935
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote malicious user to achieve RCE and gain full access of the host system.
Wibu Codemeter Runtime
Trumpf Tubedesign
Trumpf Trutopsweld
Trumpf Trutopsprintmultilaserassistant
Trumpf Trutopsprint
Trumpf Trutops Mark 3d
Trumpf Trutopsfab Storage Smallstore
Trumpf Trutopsfab
Trumpf Trutops Cell Sw48
Trumpf Trutops Cell Classic
Trumpf Trutopsboost
Trumpf Trutops
Trumpf Trumpflicenseexpert
Trumpf Topscalculation
Trumpf Teczonebend
Trumpf Tops Unfold 05.03.00.00
Trumpf Programmingtube
Trumpf Oseon
Phoenixcontact Module Type Package Designer 1.2.0
Phoenixcontact Module Type Package Designer
Phoenixcontact Activation Wizard
Phoenixcontact Plcnext Engineer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »