Phoenix Contact — Vulnerabilities & Security Advisories 143

Browse all 143 CVE security advisories affecting Phoenix Contact. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHOENIX CONTACT specializes in industrial automation, electrical engineering, and electronics, providing critical infrastructure components such as programmable logic controllers, power supplies, and industrial networking devices. With 142 recorded CVEs, the company’s software ecosystem has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from inadequate input validation in web-based management interfaces or insecure default configurations in embedded systems. Notable incidents include exploitable authentication bypasses and buffer overflow errors that could allow attackers to gain unauthorized control over industrial control systems. The high volume of vulnerabilities suggests persistent challenges in securing legacy firmware and web applications. While the hardware itself is robust, the associated software layers require rigorous patching and secure coding practices to mitigate risks in operational technology environments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-37859 | PHOENIX CONTACT: Improper Privilege Management in WP 6xxx Web panels — WP 6070-WVPS | CWE-269 | 7.2 | High | 2023-08-09 |
| CVE-2023-37864 | PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check — WP 6070-WVPS | CWE-494 | 7.2 | High | 2023-08-09 |
| CVE-2023-37862 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels — WP 6070-WVPS | CWE-862 | 8.2 | High | 2023-08-09 |
| CVE-2023-37860 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels — WP 6070-WVPS | CWE-862 | 7.5 | High | 2023-08-09 |
| CVE-2023-37861 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPS | CWE-78 | 8.8 | High | 2023-08-09 |
| CVE-2023-3569 | PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT — CLOUD CLIENT 1101T-TX/TX | CWE-776 | 4.9 | Medium | 2023-08-08 |
| CVE-2023-3526 | PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices — CLOUD CLIENT 1101T-TX/TX | CWE-79 | 9.6 | Critical | 2023-08-08 |
| CVE-2023-3570 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPS | CWE-78 | 8.8 | High | 2023-08-08 |
| CVE-2023-3572 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPS | CWE-78 | 10.0 | Critical | 2023-08-08 |
| CVE-2023-3571 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels — WP 6070-WVPS | CWE-78 | 8.8 | High | 2023-08-08 |
| CVE-2023-3573 | PHOENIX CONTACT: Command Injection in WP 6xxx Web panels — WP 6070-WVPS | CWE-78 | 8.8 | High | 2023-08-08 |
| CVE-2023-2673 | PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation — FL MGUARD 2102 | CWE-1287 | 5.3 | Medium | 2023-06-13 |
| CVE-2023-1109 | PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service — ENERGY AXC PU (1264327) | CWE-22 | 8.8 | High | 2023-04-17 |
| CVE-2022-3461 | Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite — Config+ | CWE-119 | 7.8 | High | 2022-11-15 |
| CVE-2022-3737 | Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite — Config+ | CWE-125 | 7.8 | High | 2022-11-15 |
| CVE-2022-3480 | Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family — FL MGUARD CENTERPORT | CWE-770 | 7.5 | High | 2022-11-15 |
| CVE-2021-34579 | PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management — FL MGUARD DM (2981974) | CWE-269 | 7.5 | High | 2022-11-09 |
| CVE-2022-31801 | Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool — MULTIPROG | CWE-345 | 9.8 | Critical | 2022-06-21 |
| CVE-2022-31800 | Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers — ILC 1x0 | CWE-345 | 9.8 | Critical | 2022-06-21 |
| CVE-2022-29898 | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT — RAD-ISM-900-EN-BD/B | CWE-354 | 9.1 | Critical | 2022-05-11 |
| CVE-2022-29897 | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT — RAD-ISM-900-EN-BD/B | CWE-20 | 9.1 | Critical | 2022-05-11 |
| CVE-2021-34598 | Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality — FL MGUARD | CWE-401 | 7.5 | High | 2021-11-10 |
| CVE-2021-34582 | Phoenix Contact: FL MGUARD XSS through web-based management and REST API — FL MGUARD | CWE-79 | 4.8 | Medium | 2021-11-10 |
| CVE-2021-34597 | Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability — PC Worx | CWE-20 | 7.8 | High | 2021-11-04 |
| CVE-2021-34570 | Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS — AXC F | CWE-20 | 7.5 | High | 2021-09-27 |
| CVE-2021-34565 | In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found — WHA-GW-F2D2-0-AS- Z2-ETH | CWE-798 | 9.8 | Critical | 2021-08-31 |
| CVE-2021-34564 | In WirelessHART-Gateway versions 3.0.9 a vulnerability allows to read and write sensitive data in a cookie — WHA-GW-F2D2-0-AS- Z2-ETH | CWE-315 | 5.5 | Medium | 2021-08-31 |
| CVE-2021-34563 | In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it — WHA-GW-F2D2-0-AS- Z2-ETH | CWE-1004 | 3.3 | Low | 2021-08-31 |
| CVE-2021-34562 | A vulnerability in WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response — WHA-GW-F2D2-0-AS- Z2-ETH | CWE-79 | 5.4 | Medium | 2021-08-31 |
| CVE-2021-34561 | A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding — WHA-GW-F2D2-0-AS- Z2-ETH | CWE-350 | 7.5 | High | 2021-08-31 |

This page lists every published CVE security advisory associated with Phoenix Contact. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.