43 matches found
Design/Logic Flaw
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
Design/Logic Flaw
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2022-31801
CVE-2022-31801 concerns Phoenix Contact’s ProConOS/ProConOS eCLR SDK and MULTIPROG. The vulnerability is caused by insufficient verification of data authenticity (CWE-345), enabling an unauthenticated, remote attacker to upload arbitrary malicious logic to a ProConOS/eCLR-based device and achieve...
CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2022-31800
CVE-2022-31800 affects Phoenix Contact classic line industrial controllers (ILC, AXC, RFC, and related PC WORX/FC variants) using ProConOS/ProConOS eCLR. The root cause is insufficient verification of data authenticity which could let an unauthenticated, remote attacker upload malicious logic and...
CVE-2022-31800 Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2022-31801
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
Data Forgery Vulnerability in Multiple Phoenix Contact Products
Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. A data forgery issue vulnerability exists in several Phoenix Contact products, which could allow an unauthenticated, remote attacker to upload malicious logic to a ProConOS/ProConOS...
Data Forgery Vulnerability in Multiple Phoenix Contact Products
Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. Phoenix Contact ProConOS, ProConOS eCLR, and MULTIPROG are vulnerable to a data forgery issue, which could allow an unauthenticated, remote attacker to upload malicious logic to a...
Phoenix Contact ProConOS and MULTIPROG
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Phoenix Contact. Equipment: ProConOS/ProConOS eCLR and MULTIPROG. Vulnerability: Insufficient Verification of Data Authenticity. CISA is aware of a public report, known as “OT:ICEFALL” that details...
CVE-2022-31800
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2018-5452
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro ProConOS v.4.01.280 firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547...
CVE-2018-5452
The CVE-2018-5452 vulnerability affects Emerson ControlWave Micro Process Automation Controller (ProConOS v.4.01.280; firmware CWM v.05.78.00 and earlier). It is a stack-based buffer overflow triggered by crafting packets to port 20547, which can cause the PLC to halt. Impact described includes p...
ProConOS Service Detection (TCP)
TCP-based detection of a ProConOS service. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.140498...
Phoenix Contact ILC Authentication Bypass Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for use in industrial PCs from the Phoenix Contact group. An authentication bypass vulnerability exists in Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to gain access to the web serve...
Phoenix Contact ILC Information Disclosure Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers (PLCs) for use in industrial PCs from the Phoenix Contact group. An information disclosure vulnerability exists in Phoenix Contact ILC PLCs due to sensitive information being stored in clear text. An attacker could exploit th...
Vulnerability in the KW Multiprog and KW ProConOS programming and debugging tools allows attackers to execute arbitrary commands
The vulnerability in the KW Multiprog and KW ProConOS programming and debugging tools is related to errors in managing registration data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the PLC configuration protocol...
PhoenixContact PLC Remote START/STOP Command
PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS and communicate using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. The protocol allows a remote user to read out the PLC type, firmware and build number on port TCP/1962, and also to read out the CPU...
Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability
OVERVIEW: Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...