44 matches found
PHOENIX CONTACT Emalytics Controller ILC Incorrect Permission Assignment For Critical Resource (CVE-2020-8768)
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. Th...
Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8380)
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Phoenix Contact ILC PLCs Cleartext Storage of Sensitive Information (CVE-2016-8366)
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. This plugin only works with...
Phoenix Contact ILC PLCs Denial of Service (CVE-2021-33541)
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of...
Phoenix Contact Classic Line Industrial Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...
Phoenix Contact Classic Line Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC, AXC, RFC, PC WORX, FC Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
CVE-2020-8768
CVE-2020-8768 affects Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3. The root cause is an insecure mechanism for read/write access to the device configuration due to an Incorrect Permission Assignment for Critical Resource . Exploitation could allow an attack...
Default credentials
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text...
Authentication flaw
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled...
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...
CVE-2016-8366
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text...
CVE-2016-8380
CVE-2016-8380 affects Phoenix Contact ILC PLCs. The web server exposes read and write access to PLC variables without authentication, constituting an improper authentication vulnerability. The impact is unauthorized access to PLC data and potential manipulation of tag values, as corroborated by m...
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication...
CVE-2016-8371
CVE-2016-8371 affects Phoenix Contact ILC PLCs where the web server can be reached without authentication even when an authentication mechanism is enabled. The issue is described across multiple sources as an improper authentication vulnerability that could allow unauthorized access to the PLC’s ...
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled...
CVE-2016-8366
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text...
CVE-2016-8366
CVE-2016-8366 affects Phoenix Contact ILC PLCs with WebVisit. The vulnerability arises from a password macro where credentials can be stored and transferred in clear text, enabling potential exposure of user passwords via the HMI protection mechanism. Connected documents confirm the issue is tied...
Phoenix Contact ILC PLC Authentication Vulnerabilities
OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...
Phoenix Contact ILC PLC Authentication Vulnerabilities
OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...