78 matches found
CVE-2025-41669
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
CVE-2025-41669
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
CVE-2025-41669
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
EUVD-2025-209952
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
CVE-2025-41669 Insufficient Verification of Data Authenticity
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
CVE-2025-41669 Insufficient Verification of Data Authenticity
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
CVE-2025-41669
The CVE-2025-41669 entry concerns the PLCnext platform’s Web-based Management. A remote, low-privileged Engineer can install additional APPs downloaded from the PLCnext Store without data verification, enabling arbitrary code execution with root privileges on the PLCnext Control. This could impac...
PHOENIX CONTACT多款产品 数据伪造问题漏洞
PHOENIX CONTACT AXC F 1152, among others, are controller devices produced by the German company PHOENIX CONTACT. Several products from PHOENIX CONTACT have vulnerabilities related to data manipulation. These vulnerabilities stem from the lack of a data validation mechanism when allowing remote,...
PT-2026-43541
Name of the Vulnerable Software and Affected Versions PLCnext Control affected versions not specified Description The Web-based Management interface lacks a data verification mechanism when installing additional APPs downloaded from the PLCnext Store. This allows a remote low-privileged Engineer...
EUVD-2020-4823
Malware in sbrugna...
EUVD-2021-21220
Malware in sbrugna...
EUVD-2020-4801
Malware in sbrugna...
EUVD-2020-4821
Malware in sbrugna...
EUVD-2020-4820
Malware in sbrugna...
EUVD-2020-4819
Malware in sbrugna...
EUVD-2023-50387
Malicious code in bioql PyPI...
EUVD-2023-50385
Malicious code in bioql PyPI...
CVE-2023-46142
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices...
CVE-2023-46144
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices...
PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)
An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...