CVE-2023-0757

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, arises from the improper assignment of permissions to a critical resource. This allows a perpetrator to execute arbitrary code and gain full control over the application.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker to execute arbitrary...

CVE-2023-5592

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

Design/Logic Flaw

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

CVE-2023-5592 Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

CVE-2023-5592

The CVE-2023-5592 issue affects PHOENIX CONTACT MULTIPROG and PHOENIX CONTACT ProConOS eCLR (SDK). The root cause is a download of code without integrity checks, allowing an unauthenticated remote attacker to download and execute applications on the device, which may result in a complete loss of ...

PHOENIX CONTACT ProConOS/ProConOS eCLR Security Vulnerabilities

PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK, which originates from a code download without integrity check vulnerability in the...

PT-2023-7874 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to the download of code without integrity checks, allowing an unauthenticated remote attacker to download and execu...

PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, allows a perpetrator to gain full control over the device.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full...

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...

CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

Phoenix Contact ProConOS and MULTIPROG

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...

多款Phoenix Contact产品数据伪造问题漏洞

Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. Phoenix Contact ProConOS, ProConOS eCLR, and MULTIPROG are vulnerable to a data forgery issue, which could allow an unauthenticated, remote attacker to upload malicious logic to a...

MULTIPROG suffers from a buffer overflow vulnerability in processing LST files

MULTIPROG is the PLC programming software of TENGCONTROL TECHNOLOGY China. MULTIPROG has a buffer overflow vulnerability in the handling of LST files, where an attacker can cause a buffer overflow and arbitrary code execution by constructing a malformed LST file...

Phoenix Contact ILC Authentication Bypass Vulnerability

Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An authentication bypass vulnerability exists in Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to gain access to the web serve...

Phoenix Contact ILC Information Disclosure Vulnerability

Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An information disclosure vulnerability exists in Phoenix Contact ILC PLCs due to sensitive information being stored in clear text. An attacker could exploit th...

The vulnerabilities of KW Multiprog and KW ProConOS in programming and debugging tools allow attackers to execute arbitrary commands.

The vulnerability of KW Multiprog and KW ProConOS programming and debugging tools is related to errors in managing registration data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the PLK configuration protocol...

Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability

OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...