Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data (CWE-824).
The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.



For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource (CWE-909).



Multiple vulnerabilities have been identified in PLCnext Control devices. Please consult the aforementioned CVE-IDs.



Uncontrolled Resource Consumption can be exploited to cause the HMI to become unresponsive and not accurately update the display content (Denial of Service).



Several vulnerabilities have been discovered in WIBU-SYSTEMS CodeMeter and published 08 September 2020. Phoenix Contact is only affected by a subset of these vulnerabilities.

Phoenix Contact products are not affected by vulnerabilities WIBU-200521-01 (CVE-2020- 14513), WIBU-200521-04 (CVE-2020-14517, and WIBU-200521-06 (CVE-2020-14515). For further Information please refer to WIBU Advisories directly at https://wibu.com/support/security-advisories.html.



A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart to correct.



The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.
The attacker needs to get access to a PLCnext Engineer project to be able to manipulate files inside. Additionally, the files of the remote code need to be transferred to a location which can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process of the manipulated project the remote code can be executed.



Manipulated PC Worx projects could lead to a remote code execution due to insufficient input
data validation.

The attacker needs to get access to an original PC Worx project to be able to manipulate data
inside the project folder. After manipulation the attacker needs to exchange the original files by
the manipulated ones on the application programming workstation.



Feeds

By Vendor

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0