Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2019-006
May 14, 2025, 2:28 PM
After login the source IP is used as the session identifier, so that users sharing the same source IP are able to gain full authenticated access to the WEB-UI. The …
VDE-2019-003
May 14, 2025, 3:00 PM
Multiple vulnerabilities have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18.
VDE-2019-001
May 14, 2025, 3:00 PM
Multiple vulnerabilities have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx and 48xx, versions 1.0 to 1.34.
VDE-2018-015
Sept. 21, 2018, 9:03 AM
Incorrect handling of requests with non-standard symbols allows remote attackers to initiate a complete lock-up of the bus coupler. Authentication of the request is not required.
VDE-2018-012
Aug. 13, 2018, 1:55 PM
The processing program of the IEC 61131 program can be slowed down or stopped completely by creating a large amount of network traffic that needs to be handled by the …
VDE-2018-006
May 14, 2025, 3:00 PM
An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and …
VDE-2018-007
May 22, 2025, 3:03 PM
An attacker may exploit a 'long cookie' related vulnerability to cause a buffer overflow that allows unauthorized access to the switch's operating system files. The attacker can then insert executable …
VDE-2018-005
May 16, 2018, 7:35 AM
Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Clever manipulation of a web login request can expose the contents of …