Phoenixcontact: Security Vulnerabilities
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
CVSS Score: 9.8
EPSS Score: 0.02
Published: 2019-02-26
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).
CVSS Score: 8.1
EPSS Score: 0.013
Published: 2018-05-17
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2018-05-17
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
CVSS Score: 9.1
EPSS Score: 0.034
Published: 2018-05-17
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
CVSS Score: 9.0
EPSS Score: 0.014
Published: 2018-05-17
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
CVSS Score: 7.3
EPSS Score: 0.116
Published: 2018-04-05
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
CVSS Score: 7.3
EPSS Score: 0.243
Published: 2018-04-05
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
CVSS Score: 7.3
EPSS Score: 0.243
Published: 2018-04-05
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-01-30
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
CVSS Score: 5.3
EPSS Score: 0.008
Published: 2018-01-12

