Unrated severityNVD Advisory· Published Jan 17, 2015· Updated May 6, 2026

CVE-2014-9195

Description

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Affected products

Phoenixcontact Software/Proconos Eclr4 versions
cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:softplc:*:*:*+ 3 more
- cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:softplc:*:*:*
- cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:visual_studio:*:*:*
- cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact-software:proconos_eclr:*:*:*:*:single_chip:*:*:*
Phoenixcontact Software/Multiprog3 versions
cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:express:*:*:*
- cpe:2.3:a:phoenixcontact-software:multiprog:5.0:*:*:*:pro\+:*:*:*
Phoenix Contact/ProConOsv5
Range: All versions
Phoenix Contact/MultiProgv5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ics-cert.us-cert.gov/advisories/ICSA-15-013-03nvdThird Party AdvisoryUS Government Resource
www.exploit-db.com/exploits/37066/nvdThird Party AdvisoryVDB Entry
www.cisa.gov/news-events/ics-advisories/icsa-15-013-03nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.066
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000