EUVD-2022-53190

Malicious code in bioql PyPI...

EUVD-2022-53189

Malicious code in bioql PyPI...

CVE-2023-0757

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

PhoenixContact PLC Remote START/STOP Command

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PhoenixContact PLC Remote START/STOP Command', 'Version' = '1', 'Description' = %q PhoenixContact Programmable Logic Controllers are built upon a...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, arises from the loading of code without checking its integrity. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker to compromise the integrity of the...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, arises from the improper assignment of permissions to a critical resource. This allows a perpetrator to execute arbitrary code and gain full control over the application.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker to execute arbitrary...

CVE-2023-5592

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

Design/Logic Flaw

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

CVE-2023-5592 Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...

CVE-2023-5592

The CVE-2023-5592 issue affects PHOENIX CONTACT MULTIPROG and PHOENIX CONTACT ProConOS eCLR (SDK). The root cause is a download of code without integrity checks, allowing an unauthenticated remote attacker to download and execute applications on the device, which may result in a complete loss of ...

CVE-2023-0757 Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

PHOENIX CONTACT ProConOS/ProConOS eCLR Security Vulnerabilities

PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK, which originates from a code download without integrity check vulnerability in the...

PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...

PHOENIX CONTACT ProConOS/ProConOS eCLR 安全漏洞

PHOENIX CONTACT ProConOS/ProConOS eCLR is a series of embedded automation devices from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT ProConOS/ProConOS eCLR, which stems from an incorrect assignment of critical resource privileges that allows an unauthenticated,...

Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, allows a perpetrator to gain full control over the device.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full...

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...

CVE-2022-31800

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...

CVE-2022-31801

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device...