MidnightBSD

Advisories for phoenixcontact-software

CVE-2014-9195 HIGH

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-255,

Products Affected

Vendor Product Version
phoenixcontact-software proconos_eclr *
phoenixcontact-software multiprog 5.0
CVE-2022-31801 HIGH

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
phoenixcontact-software proconos_eclr -
phoenixcontact multiprog *
phoenixcontact proconos *