CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

phoenixcontact

plcnext_engineer

4 known vulnerabilities · sorted by CVSS score

CVE-2023-3935

CRITICAL9.8

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

wibu / codemeter_runtime+24

Network

Published Sep 13, 2023

CVE-2023-46142

HIGH8.8

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

phoenixcontact / axc_f_1152_firmware+8

Network

Published Dec 14, 2023

CVE-2020-12499

HIGH8.2

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

phoenixcontact / plcnext_engineer

Local

Published Jul 21, 2020

CVE-2023-46144

MEDIUM6.5

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

phoenixcontact / axc_f_1152_firmware+8

Network

Published Dec 14, 2023