CVE-2014-9195

Published: 17/01/2015 Updated: 29/11/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote malicious users to execute arbitrary commands via protocol-compliant traffic.

Vulnerable Product

phoenixcontact-software multiprog 5.0

phoenixcontact-software proconos eclr

Exploits

#! /usr/bin/env python
'''
# Exploit Title: Phoenix Contact ILC 150 ETH PLC Remote Control script
# Date: 2015-05-19
# Exploit Author: Photubias - tijl[dot]deneut[at]howest[dot]be
# Vendor Homepage: www.phoenixcontact.com/online/portal/us?urile=pxc-oc-itemdetail:pid=2985330
# Version: ALL FW VERSIONS
# Tested on: Pyt ...
This proof of concept exploit will print out the current status of the PLC, continuously every 0.1 second, after 3 seconds it reverts (start becomes stop, stop becomes cold start), and stops after 5 seconds ...