Advisories | CERT@VDE

2023-04-11 10:00 VDE-2023-004

PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service

A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.
An authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service.

CVE-2023-1109: 8.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (8)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (7)

HIMA (2)

ifm (1)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (26)

PHOENIX CONTACT (80)

Pilz (13)

Red Lion Europe (2)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (55)

Weidmueller (10)

Welotec (2)

Wiesemann & Theis (3)

Archive

2024

April (3)
March (2)
February (6)
January (7)

2023

December (14)
November (5)
October (5)
September (5)
August (13)
July (5)
June (3)
May (4)
April (1)
March (3)
February (3)
January (2)

2022

December (5)
November (10)
October (5)
September (7)
August (4)
July (4)
June (7)
May (3)
April (11)
March (5)
January (5)

2021

December (2)
November (6)
October (5)
September (2)
August (10)
July (3)
June (9)
May (6)
April (2)
March (3)
February (3)
January (4)

2020

December (4)
November (3)
October (6)
September (8)
August (1)
July (3)
June (4)
May (2)
March (12)
February (2)

2019

December (2)
October (3)
September (1)
June (4)
May (2)
March (6)
January (1)

2018

October (1)
September (1)
August (2)
July (3)
May (4)
March (1)
February (1)
January (2)

2017

December (2)
November (1)
September (1)
March (1)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0