79 matches found
PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)
An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...
Phoenix Contact PLCnext Improper Input Validation (CVE-2021-34570)
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...
Phoenix Contact PLCnext Control Insufficient Read and Write Protection to Logic and Runtime Data (CVE-2023-46142)
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
Phoenix Contact PLCnext Control Integrity Check Fails to Identify Out-of-Band Logic Changes (CVE-2023-46144)
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. This plugin only works with Tenable.ot. Please visit...
CVE-2023-46144
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices...
CVE-2023-46142
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices...
CVE-2023-46144
CVE-2023-46144 affects Phoenix Contact PLCnext Engineer and PLCnext Control devices. Description: a download of code without integrity check allows a remote attacker with low privileges to compromise the integrity of the affected engineering station and connected devices. Root cause: missing inte...
CVE-2023-46142
CVE-2023-46142 concerns Phoenix Contact PLCnext Control devices. The issue is an incorrect permission assignment for critical resources that could let a remote attacker with low privileges gain full control of the affected devices. Public sources in the provided documents consistently identify PL...
PHOENIX CONTACT PLCnext Control Devices Security Breach
PHOENIX CONTACT PLCnext Control Devices is a programmable logic controller for industrial environments from PHOENIX CONTACT. A security vulnerability exists in PHOENIX CONTACT PLCnext Control Devices, which arises from an incorrect assignment of critical resource privileges that could allow a...
PT-2023-29874 · Plcnext · Plcnext
Name of the Vulnerable Software and Affected Versions: PLCnext products affected versions not specified Description: A download of code without integrity check issue in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and th...
PT-2023-29873 · Plcnext · Plcnext
Name of the Vulnerable Software and Affected Versions: PLCnext products affected versions not specified Description: A vulnerability due to incorrect permission assignment for critical resources in PLCnext products allows a remote attacker with low privileges to gain full access to the affected...
PHOENIX CONTACT PLCnext Engineer and PLCnext Control Devices Security Vulnerability
PHOENIX CONTACT PLCnext Engineer and PHOENIX CONTACT PLCnext Control Devices are both products of PHOENIX CONTACT, Germany. PHOENIX CONTACT PLCnext Engineer is an engineering software platform for automation controllers and PHOENIX CONTACT PLCnext Control Devices are programmable logic controller...
Multiple Codesys Products Security Breach
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A security vulnerability exists in several Codesys products due to a failure to perform filtering on certain file types. The following products and versions are affected: CODESYS...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
Multiple Codesys Products Buffer Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A buffer error vulnerability exists in several Codesys products, which stems from a specially crafted remote communication request that could cause the CmpAppBP component to overwrite...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
PHOENIX CONTACT PLCNext AXC F 2152 Improper Access Control (CVE-2019-10998)
An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunit...