VYPR
Vendor: Phoenixcontact

Products: 79
CVEs: 138
Across products: 353
Status: Private

Recent CVEs

  • CVE-2019-9201 | Critical | Feb 26, 2019
    risk 0.64 | cvss 9.8 | epss 0.03

    Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

  • CVE-2017-16743 | Critical | Jan 12, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service…

  • CVE-2017-5159 | Critical | Feb 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

  • CVE-2018-10730 | Critical | May 17, 2018
    risk 0.60 | cvss 9.1 | epss 0.05

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

  • CVE-2018-10731 | Critical | May 17, 2018
    risk 0.59 | cvss 9.0 | epss 0.03

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

  • CVE-2017-10102 | Critical | Aug 8, 2017
    risk 0.59 | cvss 9.0 | epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2025-41669 | High | May 27, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution…

  • CVE-2017-10116 | High | Aug 8, 2017
    risk 0.54 | cvss 8.3 | epss 0.04

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows…

  • CVE-2018-10728 | High | May 17, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).

  • CVE-2017-10078 | High | Aug 8, 2017
    risk 0.53 | cvss 8.1 | epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2024-43384 | High | May 7, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

  • CVE-2016-8380 | High | Apr 5, 2018
    risk 0.51 | cvss 7.3 | epss 0.11

    The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

  • CVE-2016-8371 | High | Apr 5, 2018
    risk 0.51 | cvss 7.3 | epss 0.11

    The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

  • CVE-2016-8366 | High | Apr 5, 2018
    risk 0.51 | cvss 7.3 | epss 0.06

    Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.

  • CVE-2018-5441 | High | Jan 30, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed…

  • CVE-2026-41032 | High | Jun 3, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

  • CVE-2019-10953 | High | Apr 17, 2019
    risk 0.49 | cvss 7.5 | epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2017-10176 | High | Aug 8, 2017
    risk 0.49 | cvss 7.5 | epss 0.05

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10118 | High | Aug 8, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10115 | High | Aug 8, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…