A manipulated PC Worx or Config+ project file could lead to a remote code execution.
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.
Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x
A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.
After login the source IP is used as the session identifier, so that users sharing the same source IP are able to gain full authenticated access to the WEB-UI.
The access attempt will only be successful if the former authorized session has not been terminated by the authorized user or by session timeout.
Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18
Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.
Incorrect handling request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.