21 matches found
CVE-2023-0757
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...
CVE-2023-5592
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...
Design/Logic Flaw
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...
CVE-2023-5592 Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...
CVE-2023-5592
The CVE-2023-5592 issue affects PHOENIX CONTACT MULTIPROG and PHOENIX CONTACT ProConOS eCLR (SDK). The root cause is a download of code without integrity checks, allowing an unauthenticated remote attacker to download and execute applications on the device, which may result in a complete loss of ...
PHOENIX CONTACT ProConOS/ProConOS eCLR Security Vulnerabilities
PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK, which originates from a code download without integrity check vulnerability in the...
PT-2023-7874 · Phoenix Contact · Phoenix Contact Multiprog +1
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to the download of code without integrity checks, allowing an unauthenticated remote attacker to download and execu...
PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...
CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...
多款Phoenix Contact产品数据伪造问题漏洞
Phoenix Contact ProConOS/ProConOS eCLR is a series of embedded automation devices from Phoenix Contact, Germany. Phoenix Contact ProConOS, ProConOS eCLR, and MULTIPROG are vulnerable to a data forgery issue, which could allow an unauthenticated, remote attacker to upload malicious logic to a...
Phoenix Contact ProConOS and MULTIPROG
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...
MULTIPROG suffers from a buffer overflow vulnerability in processing LST files
MULTIPROG is the PLC programming software of TENGCONTROL TECHNOLOGY China. MULTIPROG has a buffer overflow vulnerability in the handling of LST files, where an attacker can cause a buffer overflow and arbitrary code execution by constructing a malformed LST file...
Phoenix Contact ILC Authentication Bypass Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An authentication bypass vulnerability exists in Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to gain access to the web serve...
Phoenix Contact ILC Information Disclosure Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An information disclosure vulnerability exists in Phoenix Contact ILC PLCs due to sensitive information being stored in clear text. An attacker could exploit th...
Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability
OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...
CVE-2014-9195
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic...
CVE-2014-9195 Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic...
CVE-2014-9195
CVE-2014-9195 targets Phoenix Contact ProConOs and MultiProg, where missing authentication allows remote attackers to execute commands via protocol traffic. Connected materials confirm: (1) affected products: ProConOs and MultiProg; (2) vulnerability type: missing authentication for critical func...