Phoenix Contact — Vulnerabilities & Security Advisories (143)

Browse all 143 CVE security advisories affecting Phoenix Contact. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHOENIX CONTACT specializes in industrial automation, electrical engineering, and electronics, providing critical infrastructure components such as programmable logic controllers, power supplies, and industrial networking devices. With 142 recorded CVEs, the company’s software ecosystem has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from inadequate input validation in web-based management interfaces or insecure default configurations in embedded systems. Notable incidents include exploitable authentication bypasses and buffer overflow errors that could allow attackers to gain unauthorized control over industrial control systems. The high volume of vulnerabilities suggests persistent challenges in securing legacy firmware and web applications. While the hardware itself is robust, the associated software layers require rigorous patching and secure coding practices to mitigate risks in operational technology environments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-3913 | Phoenix Contact: Start sequence allows attack during the boot process — CHARX SEC-3000 (1139022) | CWE-552 | 5.9 | Medium | 2024-08-13 |
| CVE-2024-28137 | PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series — CHARX SEC-3000 | CWE-367 | 7.8 | High | 2024-05-14 |
| CVE-2024-28136 | PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service — CHARX SEC-3000 | CWE-77 | 7.8 | High | 2024-05-14 |
| CVE-2024-28135 | PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series — CHARX SEC-3000 | CWE-77 | 5.0 | Medium | 2024-05-14 |
| CVE-2024-28134 | PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series — CHARX SEC-3000 | CWE-319 | 7.0 | High | 2024-05-14 |
| CVE-2024-28133 | PHOENIX CONTACT: Privilege escalation in CHARX Series — CHARX SEC-3000 | CWE-426 | 7.8 | High | 2024-05-14 |
| CVE-2024-26288 | PHOENIX CONTACT: Lack of SSL support in CHARX Series — CHARX SEC-3000 | CWE-319 | 8.7 | High | 2024-03-12 |
| CVE-2024-26005 | PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series — CHARX SEC-3000 | CWE-459 | 4.8 | Medium | 2024-03-12 |
| CVE-2024-26004 | PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series — CHARX SEC-3000 | CWE-824 | 7.5 | High | 2024-03-12 |
| CVE-2024-26003 | PHOENIX CONTACT: DoS of the control agent in CHARX Series — CHARX SEC-3000 | CWE-125 | 7.5 | High | 2024-03-12 |
| CVE-2024-26002 | PHOENIX CONTACT: File ownership manipulation in CHARX Series — CHARX SEC-3000 | CWE-20 | 7.8 | High | 2024-03-12 |
| CVE-2024-26001 | PHOENIX CONTACT: Out of bounds write only memory access — CHARX SEC-3000 | CWE-787 | 7.4 | High | 2024-03-12 |
| CVE-2024-26000 | PHOENIX CONTACT: Out of bounds read only memory access — CHARX SEC-3000 | CWE-125 | 5.9 | Medium | 2024-03-12 |
| CVE-2024-25999 | PHOENIX CONTACT: Privilege escalation in the OCPP agent service — CHARX SEC-3000 | CWE-20 | 8.4 | High | 2024-03-12 |
| CVE-2024-25998 | PHOENIX CONTACT: Command injection in the OCPP Service — CHARX SEC-3000 | CWE-77 | 7.3 | High | 2024-03-12 |
| CVE-2024-25997 | PHOENIX CONTACT: Log injection in CHARX Series — CHARX SEC-3000 | CWE-20 | 5.3 | Medium | 2024-03-12 |
| CVE-2024-25996 | PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series — CHARX SEC-3000 | CWE-346 | 5.3 | Medium | 2024-03-12 |
| CVE-2024-25995 | PHOENIX CONTACT: Remote code execution in CHARX Series — CHARX SEC-3000 | CWE-20 | 9.8 | Critical | 2024-03-12 |
| CVE-2024-25994 | PHOENIX CONTACT: Unintended script file upload in CHARX Series — CHARX SEC-3000 | CWE-434 | 5.3 | Medium | 2024-03-12 |
| CVE-2023-46144 | PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check — AXC F 1152 | CWE-494 | 6.5 | Medium | 2023-12-14 |
| CVE-2023-46143 | Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC — Automation Worx Software Suite | CWE-494 | 7.5 | High | 2023-12-14 |
| CVE-2023-46142 | PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control — AXC F 1152 | CWE-732 | 8.8 | High | 2023-12-14 |
| CVE-2023-46141 | Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource — Automation Worx Software Suite | CWE-732 | 9.8 | Critical | 2023-12-14 |
| CVE-2023-5592 | Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check — MULTIPROG | CWE-494 | 7.5 | High | 2023-12-14 |
| CVE-2023-0757 | Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource — MULTIPROG | CWE-732 | 9.8 | Critical | 2023-12-14 |
| CVE-2023-37858 | PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels — WP 6070-WVPS | CWE-311 | 4.9 | Medium | 2023-08-09 |
| CVE-2023-37857 | PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels — WP 6070-WVPS | CWE-798 | 3.8 | Low | 2023-08-09 |
| CVE-2023-37855 | PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels — WP 6070-WVPS | CWE-610 | 4.3 | Medium | 2023-08-09 |
| CVE-2023-37856 | PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels — WP 6070-WVPS | CWE-610 | 4.3 | Medium | 2023-08-09 |
| CVE-2023-37863 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPS | CWE-78 | 7.2 | High | 2023-08-09 |

This page lists every published CVE security advisory associated with Phoenix Contact. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.