Vulnerabilities
Vulnerable Software
Phoenixcontact:  Security Vulnerabilities
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
CVSS Score
8.8
EPSS Score
0.016
Published
2019-03-26
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
CVSS Score
9.8
EPSS Score
0.031
Published
2019-02-26
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).
CVSS Score
8.1
EPSS Score
0.023
Published
2018-05-17
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.
CVSS Score
5.3
EPSS Score
0.019
Published
2018-05-17
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
CVSS Score
9.1
EPSS Score
0.046
Published
2018-05-17
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
CVSS Score
9.0
EPSS Score
0.028
Published
2018-05-17
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
CVSS Score
7.3
EPSS Score
0.058
Published
2018-04-05
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
CVSS Score
7.3
EPSS Score
0.112
Published
2018-04-05
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
CVSS Score
7.3
EPSS Score
0.112
Published
2018-04-05
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-01-30


Contact Us

Shodan ® - All rights reserved