| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-34570 | Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS | Phoenix Contact | AXC F | High | 7.5 | 2021-09-27 08:25:10 | Deep Dive |
| CVE-2021-34565 | In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | Critical | 9.8 | 2021-08-31 10:33:01 | Deep Dive |
| CVE-2021-34564 | In WirelessHART-Gateway versions 3.0.9 a vulnerability allows to read and write sensitive data in a cookie | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | Medium | 5.5 | 2021-08-31 10:33:00 | Deep Dive |
| CVE-2021-34563 | In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | Low | 3.3 | 2021-08-31 10:32:59 | Deep Dive |
| CVE-2021-34562 | A vulnerability in WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | Medium | 5.4 | 2021-08-31 10:32:58 | Deep Dive |
| CVE-2021-34561 | A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | High | 7.5 | 2021-08-31 10:32:56 | Deep Dive |
| CVE-2021-34560 | A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | Medium | 5.5 | 2021-08-31 10:32:55 | Deep Dive |
| CVE-2021-34559 | A vulnerability in WirelessHART-Gateway <= 3.0.8 may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | Medium | 5.4 | 2021-08-31 10:32:54 | Deep Dive |
| CVE-2021-33555 | A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway | Phoenix Contact | WHA-GW-F2D2-0-AS-Z2-ETH | High | 7.5 | 2021-08-31 10:32:53 | Deep Dive |
| CVE-2021-33541 | Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability | Phoenix Contact | ILC1x | High | 7.5 | 2021-06-25 18:26:06 | Deep Dive |
| CVE-2021-33542 | Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability | Phoenix Contact | Automation Worx Software Suite | High | 7.8 | 2021-06-25 18:26:06 | Deep Dive |
| CVE-2021-33540 | Phoenix Contact: Undocumented FTP access in certain AXL F BK and IL BK devices | Phoenix Contact | AXL F BK | High | 7.3 | 2021-06-25 18:26:05 | Deep Dive |
| CVE-2021-21005 | Race Condition Vulnerability in Phoenix Contact FL SWITCH SMCS series products | Phoenix Contact | FL SWITCH | High | 7.5 | 2021-06-25 18:25:53 | Deep Dive |
| CVE-2021-21004 | Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products | Phoenix Contact | FL SWITCH | High | 7.4 | 2021-06-25 18:25:52 | Deep Dive |
| CVE-2021-21003 | Denial of Service Vulnerability in Phoenix Contact FL SWITCH SMCS series products | Phoenix Contact | FL SWITCH | Medium | 5.3 | 2021-06-25 18:25:51 | Deep Dive |
| CVE-2021-21002 | Denial of Service in Phoenix Contact FL COMSERVER UNI products | Phoenix Contact | FL COMSERVER | High | 7.5 | 2021-06-25 18:25:50 | Deep Dive |
| CVE-2020-12519 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges. | Phoenix Contact | AXC F 1152 (1151412) | High | 8.8 | 2020-12-17 22:43:15 | Deep Dive |
| CVE-2020-12521 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | Phoenix Contact | AXC F 1152 (1151412) | Medium | 6.5 | 2020-12-17 22:43:15 | Deep Dive |
| CVE-2020-12523 | Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration | Phoenix Contact | TC MGUARD RS4000 4G VZW VPN (1010461) | Medium | 5.4 | 2020-12-17 22:43:15 | Deep Dive |
| CVE-2020-12517 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | Phoenix Contact | AXC F 1152 (1151412) | High | 8.8 | 2020-12-17 22:43:14 | Deep Dive |