CVE-2023-0757

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

CVE-2023-5592

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

Design/Logic Flaw

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...

PHOENIX CONTACT ProConOS/ProConOS eCLR 安全漏洞

PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT ProConOS/ProConOS eCLR, which stems from an incorrect assignment of critical resource privileges that allows an unauthenticated,...

Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

CVE-2022-31800

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

Design/Logic Flaw

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31800 Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

多款Phoenix Contact产品数据伪造问题漏洞

Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. Phoenix Contact ProConOS, ProConOS eCLR, and MULTIPROG are vulnerable to a data forgery issue, which could allow an unauthenticated, remote attacker to upload malicious logic to a...

Phoenix Contact ProConOS and MULTIPROG

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...