Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Phoenix Contact — Vulnerabilities & Security Advisories 142

Browse all 142 CVE security advisories affecting Phoenix Contact. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Phoenix Contact:FL SWITCH 2005CHARX SEC-3000WP 6070-WVPSFL MGUARD 2102CHARX SEC-3150WHA-GW-F2D2-0-AS- Z2-ETHAXC F 1152QUINT4-UPS/24DC/24DC/5/EIPAXC F 1152 (1151412)Phoenix Contact ILC PLCsFL SWITCHAutomation Worx Software SuiteMULTIPROGFL MGUARDAutomation WorxCLOUD CLIENT 1101T-TX/TXConfig+RAD-ISM-900-EN-BD/BENERGY AXC PU (1264327)CHARX SEC-3000 (1139022)ILC 131TC ROUTER 3002T-3GAXL F BK PN TPSDaUMProConOsFL MGUARD CENTERPORTILC 1x0PC WorxFL MGUARD DM (2981974)AXC F
CVE IDTitleCVSSSeverityPublished
CVE-2023-37864 PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check — WP 6070-WVPSCWE-494 7.2 High2023-08-09
CVE-2023-37862 PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels — WP 6070-WVPSCWE-862 8.2 High2023-08-09
CVE-2023-37860 PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels — WP 6070-WVPSCWE-862 7.5 High2023-08-09
CVE-2023-37861 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPSCWE-78 8.8 High2023-08-09
CVE-2023-3569 PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT — CLOUD CLIENT 1101T-TX/TXCWE-776 4.9 Medium2023-08-08
CVE-2023-3526 PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices — CLOUD CLIENT 1101T-TX/TXCWE-79 9.6 Critical2023-08-08
CVE-2023-3570 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPSCWE-78 8.8 High2023-08-08
CVE-2023-3572 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPSCWE-78 10.0 Critical2023-08-08
CVE-2023-3571 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPSCWE-78 8.8 High2023-08-08
CVE-2023-3573 PHOENIX CONTACT: Command Injection in WP 6xxx Web panels — WP 6070-WVPSCWE-78 8.8 High2023-08-08
CVE-2023-2673 PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation — FL MGUARD 2102CWE-1287 5.3 Medium2023-06-13
CVE-2023-1109 PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service — ENERGY AXC PU (1264327)CWE-22 8.8 High2023-04-17
CVE-2022-3461 Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite — Config+CWE-119 7.8 High2022-11-15
CVE-2022-3737 Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite — Config+CWE-125 7.8 High2022-11-15
CVE-2022-3480 Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family — FL MGUARD CENTERPORTCWE-770 7.5 High2022-11-15
CVE-2021-34579 PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management — FL MGUARD DM (2981974)CWE-269 7.5 High2022-11-09
CVE-2022-31801 Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool — MULTIPROGCWE-345 9.8 Critical2022-06-21
CVE-2022-31800 Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers — ILC 1x0CWE-345 9.8 Critical2022-06-21
CVE-2022-29898 Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT — RAD-ISM-900-EN-BD/BCWE-354 9.1 Critical2022-05-11
CVE-2022-29897 Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT — RAD-ISM-900-EN-BD/BCWE-20 9.1 Critical2022-05-11
CVE-2021-34598 Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality — FL MGUARDCWE-401 7.5 High2021-11-10
CVE-2021-34582 Phoenix Contact: FL MGUARD XSS through web-based management and REST API — FL MGUARDCWE-79 4.8 Medium2021-11-10
CVE-2021-34597 Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability — PC WorxCWE-20 7.8 High2021-11-04
CVE-2021-34570 Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS — AXC FCWE-20 7.5 High2021-09-27
CVE-2021-34565 In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found — WHA-GW-F2D2-0-AS- Z2-ETHCWE-798 9.8 Critical2021-08-31
CVE-2021-34564 In WirelessHART-Gateway versions 3.0.9 a vulnerability allows to read and write sensitive data in a cookie — WHA-GW-F2D2-0-AS- Z2-ETHCWE-315 5.5 Medium2021-08-31
CVE-2021-34563 In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it — WHA-GW-F2D2-0-AS- Z2-ETHCWE-1004 3.3 Low2021-08-31
CVE-2021-34562 A vulnerability in WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response — WHA-GW-F2D2-0-AS- Z2-ETHCWE-79 5.4 Medium2021-08-31
CVE-2021-34561 A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding — WHA-GW-F2D2-0-AS- Z2-ETHCWE-350 7.5 High2021-08-31
CVE-2021-34560 A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information — WHA-GW-F2D2-0-AS- Z2-ETHCWE-522 5.5 Medium2021-08-31

This page lists every published CVE security advisory associated with Phoenix Contact. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.