PHOENIX CONTACT: Multiple Vulnerabilities in Automation Worx Software Suite

A manipulated PC Worx or Config+ project file could lead to a remote code execution.
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.


CVE-2019-12870: 8.8
CVE-2019-12871: 8.8
CVE-2019-12869: 6.8

WAGO: Multiple Vulnerabilities in industrial managed switches

Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.


CVE-2015-0235: 10.0
CVE-2014-9761: 9.8
CVE-2019-12549: 9.8
CVE-2016-2148: 9.8
CVE-2019-12550: 9.8
CVE-2014-9984: 9.8
CVE-2017-16544: 8.8
CVE-2014-9402: 7.8
CVE-2015-1472: 7.5
CVE-2016-6301: 7.5
CVE-2011-5325: 7.5
CVE-2016-2147: 7.5
CVE-2014-4043: 7.5
CVE-2012-4412: 7.5
CVE-2010-0296: 7.2
CVE-2013-1813: 7.2
CVE-2010-3856: 7.2
CVE-2011-2716: 6.8
CVE-2015-9261: 5.5

TECSON/GOK: Improper Authentication and Access Control on multiple devices

A security researcher discovered that the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.


CVE-2019-12254: 9.8

PHOENIX CONTACT: Multiple Vulnerabilities in AXC F 2152 (Update A)

Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x


CVE-2017-8816: 9.8
CVE-2016-9953: 9.8
CVE-2017-8817: 9.8
CVE-2017-11541: 9.8
CVE-2017-11542: 9.8
CVE-2017-11543: 9.8
CVE-2017-5334: 9.8
CVE-2017-5336: 9.8
CVE-2016-9841: 9.8
CVE-2018-1000120: 9.8
CVE-2017-5337: 9.8
CVE-2016-9843: 9.8
CVE-2017-1000257: 9.1
CVE-2018-1000122: 9.1
CVE-2018-1000301: 9.1
CVE-2018-1000005: 9.1
CVE-2016-9842: 8.8
CVE-2016-9840: 8.8
CVE-2016-9952: 8.1
CVE-2016-1247: 7.8
CVE-2017-9023: 7.5
CVE-2016-6301: 7.5
CVE-2016-7141: 7.5
CVE-2016-7444: 7.5
CVE-2018-1000121: 7.5
CVE-2017-1000254: 7.5
CVE-2017-11108: 7.5
CVE-2017-11185: 7.5
CVE-2017-3731: 7.5
CVE-2017-9233: 7.5
CVE-2017-5335: 7.5
CVE-2017-9022: 7.5
CVE-2019-10998: 6.8
CVE-2018-1000117: 6.7
CVE-2018-5388: 6.5
CVE-2017-1000101: 6.5
CVE-2017-1000100: 6.5
CVE-2016-7103: 6.1
CVE-2015-9251: 6.1
CVE-2017-3738: 5.9
CVE-2019-10997: 5.9
CVE-2018-0737: 5.9
CVE-2017-3737: 5.9
CVE-2017-15906: 5.3
CVE-2018-7559: 5.3
CVE-2017-3735: 5.3

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0