CVE-2023-0757

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, arises from the improper assignment of permissions to a critical resource. This allows a perpetrator to execute arbitrary code and gain full control over the application.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker to execute arbitrary...

CVE-2023-5592

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

Design/Logic Flaw

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

CVE-2023-5592 Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

CVE-2023-5592

The CVE-2023-5592 issue affects PHOENIX CONTACT MULTIPROG and PHOENIX CONTACT ProConOS eCLR (SDK). The root cause is a download of code without integrity checks, allowing an unauthenticated remote attacker to download and execute applications on the device, which may result in a complete loss of ...

PHOENIX CONTACT ProConOS/ProConOS eCLR Security Vulnerabilities

PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK, which originates from a code download without integrity check vulnerability in the...

PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...

PHOENIX CONTACT ProConOS/ProConOS eCLR 安全漏洞

PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT ProConOS/ProConOS eCLR, which stems from an incorrect assignment of critical resource privileges that allows an unauthenticated,...

Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, allows a perpetrator to gain full control over the device.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full...

CVE-2022-31800

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

Design/Logic Flaw

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31801

CVE-2022-31801 concerns Phoenix Contact’s ProConOS/ProConOS eCLR SDK and MULTIPROG. The vulnerability is caused by insufficient verification of data authenticity (CWE-345), enabling an unauthenticated, remote attacker to upload arbitrary malicious logic to a ProConOS/eCLR-based device and achieve...

CVE-2022-31800 Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31800

CVE-2022-31800 affects Phoenix Contact classic line industrial controllers (ILC, AXC, RFC, and related PC WORX/FC variants) using ProConOS/ProConOS eCLR. The root cause is insufficient verification of data authenticity which could let an unauthenticated, remote attacker upload malicious logic and...

CVE-2022-31801

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

多款Phoenix Contact产品数据伪造问题漏洞

Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. Phoenix Contact ProConOS, ProConOS eCLR, and MULTIPROG are vulnerable to a data forgery issue, which could allow an unauthenticated, remote attacker to upload malicious logic to a...

Phoenix Contact ProConOS and MULTIPROG

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...