3 matches found
CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2022-31801
CVE-2022-31801 concerns Phoenix Contact’s ProConOS/ProConOS eCLR SDK and MULTIPROG. The vulnerability is caused by insufficient verification of data authenticity (CWE-345), enabling an unauthenticated, remote attacker to upload arbitrary malicious logic to a ProConOS/eCLR-based device and achieve...
Phoenix Contact ProConOS and MULTIPROG
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...