PHOENIX CONTACT: Multiple Vulnerabilities in AXC F 2152 (Update A)

Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x


CVE-2017-8816: 9.8
CVE-2016-9953: 9.8
CVE-2017-8817: 9.8
CVE-2017-11541: 9.8
CVE-2017-11542: 9.8
CVE-2017-11543: 9.8
CVE-2017-5334: 9.8
CVE-2017-5336: 9.8
CVE-2016-9841: 9.8
CVE-2018-1000120: 9.8
CVE-2017-5337: 9.8
CVE-2016-9843: 9.8
CVE-2017-1000257: 9.1
CVE-2018-1000122: 9.1
CVE-2018-1000301: 9.1
CVE-2018-1000005: 9.1
CVE-2016-9842: 8.8
CVE-2016-9840: 8.8
CVE-2016-9952: 8.1
CVE-2016-1247: 7.8
CVE-2017-9023: 7.5
CVE-2016-6301: 7.5
CVE-2016-7141: 7.5
CVE-2016-7444: 7.5
CVE-2018-1000121: 7.5
CVE-2017-1000254: 7.5
CVE-2017-11108: 7.5
CVE-2017-11185: 7.5
CVE-2017-3731: 7.5
CVE-2017-9233: 7.5
CVE-2017-5335: 7.5
CVE-2017-9022: 7.5
CVE-2019-10998: 6.8
CVE-2018-1000117: 6.7
CVE-2018-5388: 6.5
CVE-2017-1000101: 6.5
CVE-2017-1000100: 6.5
CVE-2016-7103: 6.1
CVE-2015-9251: 6.1
CVE-2017-3738: 5.9
CVE-2019-10997: 5.9
CVE-2018-0737: 5.9
CVE-2017-3737: 5.9
CVE-2017-15906: 5.3
CVE-2018-7559: 5.3
CVE-2017-3735: 5.3

PHOENIX CONTACT: command injection on RAD-80211-XD(/HP-BUS)

A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.


CVE-2019-9743: 8.8

PHOENIX CONTACT: unauthorized access to WEB-UI on FL NAT SMx

After login the source IP is used as the session identifier, so that users sharing the same source IP are able to gain full authenticated access to the WEB-UI.

The access attempt will only be successful if the former authorized session has not been terminated by the authorized user or by session timeout.


CVE-2019-9744: 8.8

PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3

Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18


CVE-2018-3991: 9.8
CVE-2018-3990: 7.8
CVE-2018-3989: 5.5

PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx

Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34. 


CVE-2018-13993: 8.8
CVE-2018-13990: 8.6
CVE-2018-13992: 8.2
CVE-2018-13994: 7.5
CVE-2018-13991: 5.3
CVE-2017-3735: 5.3

PHOENIX CONTACT: AXL F BK PN Denial of Service Vulnerability

Incorrect handling request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.


CVE-2018-16994: 7.5

PHOENIX CONTACT: ILC 1x1 ETH Denial of Service

The processing program of the IEC 61131 program can be slowed down or stopped completely by creating a large amount of network traffic that needs to be handled by the ILC.


keine CVE ID vergeben

PHOENIX CONTACT: FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file

An attacker may exploit a “long cookie” related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable code into the OS.


CVE-2018-10731: 9.0

Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0