10 matches found
CVE-2023-46143
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC...
CVE-2023-46141
CVE-2023-46141 affects Phoenix Contact Automation Worx and classic line controllers. The issue is an incorrect permission assignment for a critical resource that can be exploited remotely by an unauthenticated attacker to gain full control of the affected device. Affects multiple products in the ...
PT-2023-7875 · Phoenix Contact · Fc 350 Pci Eth +4
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT classic line PLCs affected versions not specified AXC 1050 AXC 1050 XC AXC 3050 FC 350 PCI ETH Description: The issue allows an unauthenticated remote attacker to modify some or all applications on a PLC due to a lack of code...
Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...
CVE-2022-31800 Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
Phoenix Contact Classic Line Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC, AXC, RFC, PC WORX, FC Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Phoenix Contact Classic Line Industrial Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...
Authentication flaw
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of...
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 安全漏洞
The Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 are industrial control devices from Phoenix Contact, Germany. The protocol configuration for device management and communication does not include authentication measures. Phoenix Contact Classic Line Controllers versions ILC1x0 and...