Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Config\+
(Phoenixcontact)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-14 | CVE-2023-46141 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device. | Automationworx_software_suite, Axc_1050_firmware, Axc_1050_xc_firmware, Axc_3050_firmware, Config\+, Fc_350_pci_eth_firmware, Ilc1x0_firmware, Ilc1x1_firmware, Ilc_3xx_firmware, Pc_worx, Pc_worx_express, Pc_worx_rt_basic_firmware, Pc_worx_srt, Rfc_430_eth\-Ib_firmware, Rfc_450_eth\-Ib_firmware, Rfc_460r_pn_3tx_firmware, Rfc_470s_pn_3tx_firmware, Rfc_480s_pn_4tx_firmware | 9.8 | ||
| 2023-12-14 | CVE-2023-46143 | Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. | Automationworx_software_suite, Axc_1050_firmware, Axc_1050_xc_firmware, Axc_3050_firmware, Config\+, Fc_350_pci_eth_firmware, Ilc1x0_firmware, Ilc1x1_firmware, Ilc_3xx_firmware, Pc_worx, Pc_worx_express, Pc_worx_rt_basic_firmware, Pc_worx_srt, Rfc_430_eth\-Ib_firmware, Rfc_450_eth\-Ib_firmware, Rfc_460r_pn_3tx_firmware, Rfc_470s_pn_3tx_firmware, Rfc_480s_pn_4tx_firmware | 7.5 | ||
| 2021-06-25 | CVE-2021-33542 | Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one... | Config\+, Pc_worx, Pc_worx_express | 7.0 | ||
| 2019-10-31 | CVE-2019-16675 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | Config\+, Pc_worx, Pc_worx_express | N/A |