Phoenix Contact ILC PLCs Cleartext Storage of Sensitive Information (CVE-2016-8366)

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. This plugin only works with...

Phoenix Contact WebVisit 6.40.00 - Password Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link:...

CVE-2016-8366

CVE-2016-8366 affects Phoenix Contact ILC PLCs with WebVisit. The vulnerability arises from a password macro where credentials can be stored and transferred in clear text, enabling potential exposure of user passwords via the HMI protection mechanism. Connected documents confirm the issue is tied...

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...