Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Plcnext_engineer
(Phoenixcontact)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-14 | CVE-2023-46144 | A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. | Axc_f_1152_firmware, Axc_f_2152_firmware, Axc_f_3152_firmware, Bpc_9102s_firmware, Epc_1502_firmware, Epc_1522_firmware, Plcnext_engineer, Rfc_4072r_firmware, Rfc_4072s_firmware | 6.5 | ||
| 2023-09-13 | CVE-2023-3935 | A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. | Activation_wizard, E\-Mobility_charging_suite, Fl_network_manager, Iol\-Conf, Module_type_package_designer, Plcnext_engineer, Oseon, Programmingtube, Teczonebend, Tops_unfold, Topscalculation, Trumpflicenseexpert, Trutops, Trutops_cell_classic, Trutops_cell_sw48, Trutops_mark_3d, Trutopsboost, Trutopsfab, Trutopsfab_storage_smallstore, Trutopsprint, Trutopsprintmultilaserassistant, Trutopsweld, Tubedesign, Codemeter_runtime | 9.8 | ||
| 2023-12-14 | CVE-2023-46142 | A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. | Axc_f_1152_firmware, Axc_f_2152_firmware, Axc_f_3152_firmware, Bpc_9102s_firmware, Epc_1502_firmware, Epc_1522_firmware, Plcnext_engineer, Rfc_4072r_firmware, Rfc_4072s_firmware | 8.8 | ||
| 2020-07-21 | CVE-2020-12499 | In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | Plcnext_engineer | N/A |