Lucene search
+L

79 matches found

Tenable Nessus
Tenable Nessus
added 2024/12/04 12:0 a.m.10 views

PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)

An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...

7.1CVSS6.7AI score0.01002EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/12/04 12:0 a.m.8 views

Phoenix Contact PLCnext Improper Input Validation (CVE-2021-34570)

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

7.8CVSS7.4AI score0.00947EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/08 12:0 a.m.21 views

Phoenix Contact PLCnext Control Insufficient Read and Write Protection to Logic and Runtime Data (CVE-2023-46142)

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

8.8CVSS8.1AI score0.00745EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/08 12:0 a.m.16 views

Phoenix Contact PLCnext Control Integrity Check Fails to Identify Out-of-Band Logic Changes (CVE-2023-46144)

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. This plugin only works with Tenable.ot. Please visit...

6.5CVSS6.7AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2023/12/14 2:15 p.m.26 views

CVE-2023-46144

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices...

6.5CVSS0.00309EPSS
Exploits0References1
OSV
OSV
added 2023/12/14 2:15 p.m.6 views

CVE-2023-46142

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices...

8.8CVSS5.9AI score0.00745EPSS
Exploits0References1
CVE
CVE
added 2023/12/14 2:8 p.m.70 views

CVE-2023-46144

CVE-2023-46144 affects Phoenix Contact PLCnext Engineer and PLCnext Control devices. Description: a download of code without integrity check allows a remote attacker with low privileges to compromise the integrity of the affected engineering station and connected devices. Root cause: missing inte...

6.5CVSS6.5AI score0.00309EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/14 2:5 p.m.37 views

CVE-2023-46142

CVE-2023-46142 concerns Phoenix Contact PLCnext Control devices. The issue is an incorrect permission assignment for critical resources that could let a remote attacker with low privileges gain full control of the affected devices. Public sources in the provided documents consistently identify PL...

8.8CVSS8.9AI score0.00745EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/14 12:0 a.m.5 views

PHOENIX CONTACT PLCnext Control Devices Security Breach

PHOENIX CONTACT PLCnext Control Devices is a programmable logic controller for industrial environments from PHOENIX CONTACT. A security vulnerability exists in PHOENIX CONTACT PLCnext Control Devices, which arises from an incorrect assignment of critical resource privileges that could allow a...

8.8CVSS7AI score0.00745EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.8 views

PT-2023-29874 · Plcnext · Plcnext

Name of the Vulnerable Software and Affected Versions: PLCnext products affected versions not specified Description: A download of code without integrity check issue in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and th...

6.5CVSS7.2AI score0.00309EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.5 views

PT-2023-29873 · Plcnext · Plcnext

Name of the Vulnerable Software and Affected Versions: PLCnext products affected versions not specified Description: A vulnerability due to incorrect permission assignment for critical resources in PLCnext products allows a remote attacker with low privileges to gain full access to the affected...

8.8CVSS8.7AI score0.00745EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/12/14 12:0 a.m.7 views

PHOENIX CONTACT PLCnext Engineer and PLCnext Control Devices Security Vulnerability

PHOENIX CONTACT PLCnext Engineer and PHOENIX CONTACT PLCnext Control Devices are both products of PHOENIX CONTACT, Germany. PHOENIX CONTACT PLCnext Engineer is an engineering software platform for automation controllers and PHOENIX CONTACT PLCnext Control Devices are programmable logic controller...

6.5CVSS7AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.7 views

Multiple Codesys Products Security Breach

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A security vulnerability exists in several Codesys products due to a failure to perform filtering on certain file types. The following products and versions are affected: CODESYS...

6.5CVSS6.7AI score0.00412EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

6.5CVSS6.8AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Multiple Codesys Products Buffer Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A buffer error vulnerability exists in several Codesys products, which stems from a specially crafted remote communication request that could cause the CmpAppBP component to overwrite...

6.5CVSS6.9AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

6.5CVSS6.8AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.8 views

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

6.5CVSS6.8AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.7 views

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

6.5CVSS6.8AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.8 views

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

6.5CVSS6.8AI score0.00519EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.21 views

PHOENIX CONTACT PLCNext AXC F 2152 Improper Access Control (CVE-2019-10998)

An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunit...

6.8AI score0.00395EPSS
Exploits0References3
Rows per page
Query Builder