34 matches found
EUVD-2019-2712
Malware in sbrugna...
EUVD-2019-2711
Malware in sbrugna...
PHOENIX CONTACT多款产品 后置链接漏洞
PHOENIX CONTACT AXC F 1152 and others are a controller device from PHOENIX CONTACT, Germany. A post-link vulnerability exists in several PHOENIX CONTACT products, which can be exploited by a low-privileged remote attacker to gain read, write, and execute privileges to arbitrary files on the devic...
PHOENIX CONTACT多款产品 安全漏洞
PHOENIX CONTACT AXC F 1152 and others are a controller device from PHOENIX CONTACT, Germany. A security vulnerability exists in various PHOENIX CONTACT products, which stems from incorrect default permissions in the configuration file, which could lead to a low-privilege attacker forcing the...
PHOENIX CONTACT多款产品 后置链接漏洞
PHOENIX CONTACT AXC F 1152 and others are a controller device from PHOENIX CONTACT, Germany. A backlink vulnerability exists in various PHOENIX CONTACT products, which stems from the fact that key files used by the watchdog can be replaced, potentially allowing a low-privileged attacker to gain...
PHOENIX CONTACT多款产品 后置链接漏洞
PHOENIX CONTACT AXC F 1152 is a controller device from PHOENIX CONTACT. A backlink vulnerability exists in several PHOENIX CONTACT products, which can be exploited by a low-privilege remote attacker to gain read, write, and execute privileges to arbitrary files on the device by replacing key file...
PHOENIX CONTACT PLCNext AXC F 2152 Improper Access Control (CVE-2019-10998)
An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunit...
Phoenix Contact PLCnext Control Insufficient Read and Write Protection to Logic and Runtime Data (CVE-2023-46142)
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
The vulnerability of the microprogramming software for Phoenix AXC 1050, AXC 1050 XC, AXC 3050, and FC 350 PCI ETH controllers lies in the fact that code can be loaded without checking its integrity. This allows an intruder to gain access to read, modify, or delete data.
The vulnerability of the microprogrammed software of the Phoenix AXC 1050, AXC 1050 XC, AXC 3050, and FC 350 PCI ETH controllers lies in the fact that code can be loaded without checking its integrity. Exploiting this vulnerability allows an attacker who operates remotely to gain access to read,...
The vulnerability in the Phoenix Contacts ENERGY AXC control and monitoring terminals for industrial processes and automation systems SMARTRTU AXC IG and SMARTRTU AXC SG allows a perpetrator to gain full control over the device.
The vulnerability of the Phoenix Contacts ENERGY AXC control and monitoring terminals for industrial processes and automation systems, such as SMARTRTU AXC IG and SMARTRTU AXC SG, is related to the possibility of bypassing the security measures. Exploiting this vulnerability can allow a malicious...
Phoenix Contact ENERGY AXC PU Path Traversal (CVE-2023-1109)
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
CVE-2023-1109
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
CVE-2023-1109
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
Design/Logic Flaw
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
CVE-2023-1109 PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
CVE-2023-1109 PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
CVE-2023-1109
Phoenix Contact ENERGY AXC PU Web Service is affected by a path traversal vulnerability (CVE-2023-1109). An authenticated restricted user can craft URLs through the upload/download functionality to access, read, write, and create files across the file system, potentially gaining full control of t...
PT-2023-7105 · Phoenix Contact · Phoenix Contacts Energy Axc Pu
Name of the Vulnerable Software and Affected Versions: Phoenix Contacts ENERGY AXC PU versions affected versions not specified Description: The issue is related to a web service vulnerability that allows an authenticated restricted user of the web frontend to access, read, write, and create files...
PHOENIX CONTACT ENERGY AXC PU 路径遍历漏洞
The PHOENIX CONTACT ENERGY AXC PU is an energy management device from PHOENIX CONTACT, Germany, typically used to monitor and control energy flow in solar and wind energy systems. A path traversal vulnerability exists in versions prior to PHOENIX CONTACT ENERGY AXC PU V04.15.00.00, which originat...
PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)
An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...