Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS


CVE-2023-47100: 9.8
CVE-2023-38545: 9.8
CVE-2023-45853: 8.8
CVE-2021-41072: 8.1
CVE-2023-4734: 7.8
CVE-2023-2603: 7.8
CVE-2023-4807: 7.8
CVE-2023-32643: 7.8
CVE-2023-4781: 7.8
CVE-2023-5535: 7.8
CVE-2023-4751: 7.8
CVE-2023-4752: 7.8
CVE-2023-4911: 7.8
CVE-2023-4738: 7.8
CVE-2023-4750: 7.8
CVE-2023-4736: 7.8
CVE-2023-38039: 7.5
CVE-2023-29499: 7.5
CVE-2023-32636: 7.5
CVE-2023-5156: 7.5
CVE-2024-0553: 7.5
CVE-2024-0567: 7.5
CVE-2023-33953: 7.5
CVE-2023-4785: 7.5
CVE-2023-44487: 7.5
CVE-2023-5363: 7.5
CVE-2023-32731: 7.4
CVE-2023-4733: 7.3
CVE-2023-42465: 7.0
CVE-2022-42010: 6.5
CVE-2023-46218: 6.5
CVE-2023-51385: 6.5
CVE-2022-42012: 6.5
CVE-2022-42011: 6.5
CVE-2023-34969: 6.5
CVE-2022-29900: 6.5
CVE-2023-26555: 6.4
CVE-2023-5441: 6.2
CVE-2023-48795: 5.9
CVE-2022-40897: 5.9
CVE-2023-26554: 5.6
CVE-2023-26553: 5.6
CVE-2023-26552: 5.6
CVE-2023-26551: 5.6
CVE-2022-29901: 5.6
CVE-2023-51384: 5.5
CVE-2023-32665: 5.5
CVE-2023-32611: 5.5
CVE-2022-48554: 5.5
CVE-2023-7104: 5.5
CVE-2023-3817: 5.3
CVE-2023-40217: 5.3
CVE-2023-32732: 5.3
CVE-2023-46219: 5.3
CVE-2023-4735: 4.8
CVE-2023-6004: 4.8
CVE-2023-46246: 4.0
CVE-2023-5344: 4.0
CVE-2023-48231: 3.9
CVE-2023-38546: 3.7
CVE-2023-48706: 3.6
CVE-2023-48237: 2.8
CVE-2023-4016: 2.5

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS


CVE-2024-32002: 9.0
CVE-2024-6387: 8.1
CVE-2024-39894: 7.5
CVE-2024-2511: 5.9
CVE-2024-4741: 5.6
CVE-2024-4603: 5.3

Phoenix Contact: Multiple Vulnerabilities in PLCnext Engineer

Vulnerabilities in .NET and Visual Studio functions System.Text.Json, System.Formats.Asn1, OPCFoundation.NetStandard.Opc.Ua.Core allow an remote attacker to execute a Denial-of-Servce attack.


CVE-2024-30105: 7.5

Phoenix Contact: Multiple Vulnerabilities in mGuard devices

Confidential data in HTTP query string of user requests. Incomplete sanitation of user input in administrative web interface.

CVE-2024-43392 only affects devices with firmware < 8.9.3.


CVE-2024-43387: 8.8
CVE-2024-43386: 8.8
CVE-2024-43385: 8.8
CVE-2024-7699: 8.8
CVE-2024-43388: 8.8
CVE-2024-43384: 8.0
CVE-2024-43391: 6.5
CVE-2024-43393: 6.5
CVE-2024-43392: 6.5
CVE-2024-43390: 6.5
CVE-2024-43389: 6.5
CVE-2024-7698: 5.7

Phoenix Contact: Multiple mGuard devices are vulnerable to RegreSSHion Vulnerability

mGuards use an OpenSSH server for SSH access. This server is vulnerable to a remote code injection.


CVE-2024-6387: 8.1

Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.

The pathfinder TCP encapsulation service is vulnerable to a drain of open file descriptors.


CVE-2024-7734: 5.3

Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers

Start sequence for firewall service allows attack during the boot process. Password is reset to default when the device undergoes a firmware upgrade.


CVE-2024-6788: 8.6
CVE-2024-3913: 7.5

Phoenix Contact: Unbounded growth of OpenSSL session cache in multiple FL MGUARD devices

The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.


CVE-2024-2511: 5.9

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0