VYPR

Vendor CVEs

Phoenixcontact

All CVEs

138 total · sorted by risk
  • CVE-2019-9201CriFeb 26, 2019
    risk 0.64cvss 9.8epss 0.03

    Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

  • CVE-2017-16743CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.03

    An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service…

  • CVE-2017-5159CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

  • CVE-2018-10730CriMay 17, 2018
    risk 0.60cvss 9.1epss 0.05

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

  • CVE-2018-10731CriMay 17, 2018
    risk 0.59cvss 9.0epss 0.03

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

  • CVE-2017-10102CriAug 8, 2017
    risk 0.59cvss 9.0epss 0.03

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2025-41669HigMay 27, 2026
    risk 0.57cvss 8.8epss 0.00

    The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution…

  • CVE-2017-10116HigAug 8, 2017
    risk 0.54cvss 8.3epss 0.04

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows…

  • CVE-2018-10728HigMay 17, 2018
    risk 0.53cvss 8.1epss 0.02

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).

  • CVE-2017-10078HigAug 8, 2017
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE.…

  • CVE-2024-43384HigMay 7, 2026
    risk 0.52cvss 8.0epss 0.00

    A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

  • CVE-2016-8380HigApr 5, 2018
    risk 0.51cvss 7.3epss 0.11

    The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

  • CVE-2016-8371HigApr 5, 2018
    risk 0.51cvss 7.3epss 0.11

    The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

  • CVE-2016-8366HigApr 5, 2018
    risk 0.51cvss 7.3epss 0.06

    Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.

  • CVE-2018-5441HigJan 30, 2018
    risk 0.51cvss 7.8epss 0.00

    An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed…

  • CVE-2026-41032HigJun 3, 2026
    risk 0.49cvss 7.5epss 0.00

    It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

  • CVE-2019-10953HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2017-10176HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.05

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10118HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10115HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-7935HigMay 19, 2017
    risk 0.49cvss 7.5epss 0.01

    A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests.

  • CVE-2017-10198MedAug 8, 2017
    risk 0.44cvss 6.8epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows…

  • CVE-2017-16723MedDec 11, 2017
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions…

  • CVE-2017-10135MedAug 8, 2017
    risk 0.39cvss 5.9epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows…

  • CVE-2018-10729MedMay 17, 2018
    risk 0.35cvss 5.3epss 0.02

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.

  • CVE-2017-16741MedJan 12, 2018
    risk 0.35cvss 5.3epss 0.01

    An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.

  • CVE-2017-10108MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows…

  • CVE-2017-10053MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-7937MedMay 19, 2017
    risk 0.26cvss 4.0epss 0.01

    An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.

  • CVE-2014-9195Jan 17, 2015
    risk 0.09cvss epss 0.81

    Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

  • CVE-2020-12497Jul 1, 2020
    risk 0.01cvss epss 0.15

    PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

  • CVE-2019-16675Oct 31, 2019
    risk 0.01cvss epss 0.03

    An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original…

  • CVE-2026-22321Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI…

  • CVE-2026-22320Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal…

  • CVE-2026-22319Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.

  • CVE-2026-22318Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.

  • CVE-2026-22317Mar 18, 2026
    risk 0.00cvss epss 0.01

    A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.

  • CVE-2026-22316Mar 18, 2026
    risk 0.00cvss epss 0.00

    A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

  • CVE-2025-41693Dec 9, 2025
    risk 0.00cvss epss 0.00

    A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected.

  • CVE-2025-41696Dec 9, 2025
    risk 0.00cvss epss 0.00

    An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

  • CVE-2025-41694Dec 9, 2025
    risk 0.00cvss epss 0.00

    A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.

  • CVE-2025-41692Dec 9, 2025
    risk 0.00cvss epss 0.00

    A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

  • CVE-2025-41697Dec 9, 2025
    risk 0.00cvss epss 0.00

    An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

  • CVE-2025-41695Dec 9, 2025
    risk 0.00cvss epss 0.01

    An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide…

  • CVE-2025-41745Dec 9, 2025
    risk 0.00cvss epss 0.01

    An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide…

  • CVE-2025-41746Dec 9, 2025
    risk 0.00cvss epss 0.08

    An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide…

  • CVE-2025-41747Dec 9, 2025
    risk 0.00cvss epss 0.08

    An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not…

  • CVE-2025-41748Dec 9, 2025
    risk 0.00cvss epss 0.08

    An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide…

  • CVE-2025-41749Dec 9, 2025
    risk 0.00cvss epss 0.01

    An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access…

  • CVE-2025-41750Dec 9, 2025
    risk 0.00cvss epss 0.08

    An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide…

Page 1 of 3