Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Plcnext Firmware Security Vulnerabilities

cve
cve

CVE-2020-12517

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

9CVSS

9AI Score

0.001EPSS

2020-12-17 11:15 PM
24
cve
cve

CVE-2020-12518

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

5.5CVSS

5.3AI Score

0.0004EPSS

2020-12-17 11:15 PM
24
cve
cve

CVE-2020-12519

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

9.8CVSS

9.2AI Score

0.002EPSS

2020-12-17 11:15 PM
25
cve
cve

CVE-2020-12521

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

6.5CVSS

6.3AI Score

0.001EPSS

2020-12-17 11:15 PM
30