Phoenix Contact: Security Advisory for ESL Stick USB-A

A vulnerability has been found in a cryptographic library of Infineon Technologies that is part of the firmware of the CmDongles. The exploitation of this vulnerability has been classified as complex: potential attackers need physical access and require special equipment to exploit the vulnerability. In general, this vulnerability affects only ECC keys used to calculate signatures with the ECDSA algorithm.


CVE-2024-45678: 4.2

Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers

Improper file permission handling allows an authenticated low privileged user to gain root access.


CVE-2024-11497: 8.8

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS


CVE-2023-47100: 9.8
CVE-2023-38545: 9.8
CVE-2023-45853: 8.8
CVE-2021-41072: 8.1
CVE-2023-4734: 7.8
CVE-2023-2603: 7.8
CVE-2023-4807: 7.8
CVE-2023-32643: 7.8
CVE-2023-4781: 7.8
CVE-2023-5535: 7.8
CVE-2023-4751: 7.8
CVE-2023-4752: 7.8
CVE-2023-4911: 7.8
CVE-2023-4738: 7.8
CVE-2023-4750: 7.8
CVE-2023-4736: 7.8
CVE-2023-38039: 7.5
CVE-2023-29499: 7.5
CVE-2023-32636: 7.5
CVE-2023-5156: 7.5
CVE-2024-0553: 7.5
CVE-2024-0567: 7.5
CVE-2023-33953: 7.5
CVE-2023-4785: 7.5
CVE-2023-44487: 7.5
CVE-2023-5363: 7.5
CVE-2023-32731: 7.4
CVE-2023-4733: 7.3
CVE-2023-42465: 7.0
CVE-2022-42010: 6.5
CVE-2023-46218: 6.5
CVE-2023-51385: 6.5
CVE-2022-42012: 6.5
CVE-2022-42011: 6.5
CVE-2023-34969: 6.5
CVE-2022-29900: 6.5
CVE-2023-26555: 6.4
CVE-2023-5441: 6.2
CVE-2023-48795: 5.9
CVE-2022-40897: 5.9
CVE-2023-26554: 5.6
CVE-2023-26553: 5.6
CVE-2023-26552: 5.6
CVE-2023-26551: 5.6
CVE-2022-29901: 5.6
CVE-2023-51384: 5.5
CVE-2023-32665: 5.5
CVE-2023-32611: 5.5
CVE-2022-48554: 5.5
CVE-2023-7104: 5.5
CVE-2023-3817: 5.3
CVE-2023-40217: 5.3
CVE-2023-32732: 5.3
CVE-2023-46219: 5.3
CVE-2023-4735: 4.8
CVE-2023-6004: 4.8
CVE-2023-46246: 4.0
CVE-2023-5344: 4.0
CVE-2023-48231: 3.9
CVE-2023-38546: 3.7
CVE-2023-48706: 3.6
CVE-2023-48237: 2.8
CVE-2023-4016: 2.5

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS


CVE-2024-32002: 9.0
CVE-2024-6387: 8.1
CVE-2024-39894: 7.5
CVE-2024-2511: 5.9
CVE-2024-4741: 5.6
CVE-2024-4603: 5.3

Phoenix Contact: Multiple Vulnerabilities in PLCnext Engineer

Vulnerabilities in .NET and Visual Studio functions System.Text.Json, System.Formats.Asn1, OPCFoundation.NetStandard.Opc.Ua.Core allow an remote attacker to execute a Denial-of-Servce attack.


CVE-2024-30105: 7.5

Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.

The pathfinder TCP encapsulation service is vulnerable to a drain of open file descriptors.


CVE-2024-7734: 5.3

Phoenix Contact: Multiple mGuard devices are vulnerable to RegreSSHion Vulnerability

mGuards use an OpenSSH server for SSH access. This server is vulnerable to a remote code injection.


CVE-2024-6387: 8.1

Phoenix Contact: Multiple Vulnerabilities in mGuard devices

Confidential data in HTTP query string of user requests. Incomplete sanitation of user input in administrative web interface.

CVE-2024-43392 only affects devices with firmware < 8.9.3.


CVE-2024-43387: 8.8
CVE-2024-43386: 8.8
CVE-2024-43385: 8.8
CVE-2024-7699: 8.8
CVE-2024-43388: 8.8
CVE-2024-43384: 8.0
CVE-2024-43391: 6.5
CVE-2024-43393: 6.5
CVE-2024-43392: 6.5
CVE-2024-43390: 6.5
CVE-2024-43389: 6.5
CVE-2024-7698: 5.7

Feeds

Nach Hersteller

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0