Lucene search
+L

44 matches found

Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.11 views

PHOENIX CONTACT Emalytics Controller ILC Incorrect Permission Assignment For Critical Resource (CVE-2020-8768)

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. Th...

9.4AI score0.01846EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.14 views

Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8380)

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

7.1AI score0.11199EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.16 views

Phoenix Contact ILC PLCs Cleartext Storage of Sensitive Information (CVE-2016-8366)

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. This plugin only works with...

7.1AI score0.05845EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.12 views

Phoenix Contact ILC PLCs Denial of Service (CVE-2021-33541)

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of...

7.4AI score0.01493EPSS
Exploits0References2
ICS
ICS
added 2022/06/21 12:0 a.m.71 views

Phoenix Contact Classic Line Industrial Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...

9.8CVSS10AI score0.03079EPSS
Exploits1References4
ICS
ICS
added 2022/06/21 12:0 a.m.61 views

Phoenix Contact Classic Line Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC, AXC, RFC, PC WORX, FC Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

10CVSS9.9AI score0.01455EPSS
Exploits1References4
CVE
CVE
added 2020/02/17 8:6 p.m.82 views

CVE-2020-8768

CVE-2020-8768 affects Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3. The root cause is an insecure mechanism for read/write access to the device configuration due to an Incorrect Permission Assignment for Critical Resource . Exploitation could allow an attack...

9.4CVSS9AI score0.01846EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/04/05 4:29 p.m.13 views

Default credentials

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text...

5CVSS6.8AI score0.05845EPSS
Exploits4References3
Prion
Prion
added 2018/04/05 4:29 p.m.16 views

Authentication flaw

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...

7.5CVSS6.8AI score0.11199EPSS
Exploits4References3
NVD
NVD
added 2018/04/05 4:29 p.m.24 views

CVE-2016-8371

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled...

7.5CVSS7.3AI score0.11199EPSS
Exploits4References3
NVD
NVD
added 2018/04/05 4:29 p.m.20 views

CVE-2016-8380

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...

7.5CVSS7AI score0.11199EPSS
Exploits4References3
NVD
NVD
added 2018/04/05 4:29 p.m.23 views

CVE-2016-8366

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text...

7.3CVSS7.1AI score0.05845EPSS
Exploits4References3
CVE
CVE
added 2018/04/05 4:0 p.m.77 views

CVE-2016-8380

CVE-2016-8380 affects Phoenix Contact ILC PLCs. The web server exposes read and write access to PLC variables without authentication, constituting an improper authentication vulnerability. The impact is unauthorized access to PLC data and potential manipulation of tag values, as corroborated by m...

7.5CVSS6.9AI score0.11199EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2018/04/05 4:0 p.m.26 views

CVE-2016-8380

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...

7AI score0.11199EPSS
Exploits4References3
CVE
CVE
added 2018/04/05 4:0 p.m.71 views

CVE-2016-8371

CVE-2016-8371 affects Phoenix Contact ILC PLCs where the web server can be reached without authentication even when an authentication mechanism is enabled. The issue is described across multiple sources as an improper authentication vulnerability that could allow unauthorized access to the PLC’s ...

7.5CVSS7.1AI score0.11199EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2018/04/05 4:0 p.m.33 views

CVE-2016-8371

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled...

7.3AI score0.11199EPSS
Exploits4References3
Cvelist
Cvelist
added 2018/04/05 4:0 p.m.27 views

CVE-2016-8366

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text...

7.1AI score0.05845EPSS
Exploits4References3
CVE
CVE
added 2018/04/05 4:0 p.m.69 views

CVE-2016-8366

CVE-2016-8366 affects Phoenix Contact ILC PLCs with WebVisit. The vulnerability arises from a password macro where credentials can be stored and transferred in clear text, enabling potential exposure of user passwords via the HMI protection mechanism. Connected documents confirm the issue is tied...

7.3CVSS7AI score0.05845EPSS
Exploits4References3Affected Software1
ICS
ICS
added 2016/11/08 12:0 a.m.191 views

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...

7.5CVSS0.8AI score0.11199EPSS
Exploits8References19
ICS
ICS
added 2016/08/12 6:0 a.m.41 views

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...

7.5CVSS7.8AI score0.11199EPSS
Exploits8References10
Rows per page
Query Builder