Phoenix Contact — Vulnerabilities & Security Advisories 143

Browse all 143 CVE security advisories affecting Phoenix Contact. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHOENIX CONTACT specializes in industrial automation, electrical engineering, and electronics, providing critical infrastructure components such as programmable logic controllers, power supplies, and industrial networking devices. With 142 recorded CVEs, the company’s software ecosystem has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from inadequate input validation in web-based management interfaces or insecure default configurations in embedded systems. Notable incidents include exploitable authentication bypasses and buffer overflow errors that could allow attackers to gain unauthorized control over industrial control systems. The high volume of vulnerabilities suggests persistent challenges in securing legacy firmware and web applications. While the hardware itself is robust, the associated software layers require rigorous patching and secure coding practices to mitigate risks in operational technology environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-34560 | A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information | WHA-GW-F2D2-0-AS- Z2-ETH | CWE-522 | 5.5 | Medium | 2021-08-31 |
| CVE-2021-34559 | A vulnerability in WirelessHART-Gateway <= 3.0.8 may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings | WHA-GW-F2D2-0-AS- Z2-ETH | CWE-444 | 5.4 | Medium | 2021-08-31 |
| CVE-2021-33555 | A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway | WHA-GW-F2D2-0-AS- Z2-ETH | CWE-22 | 7.5 | High | 2021-08-31 |
| CVE-2021-33541 | Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability | ILC1x | CWE-770 | 7.5 | High | 2021-06-25 |
| CVE-2021-33542 | Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability | Automation Worx Software Suite | CWE-824 | 7.8 | High | 2021-06-25 |
| CVE-2021-33540 | Phoenix Contact: Undocumented FTP access in certain AXL F BK and IL BK devices | AXL F BK | CWE-798 | 7.3 | High | 2021-06-25 |
| CVE-2021-21005 | Race Condition Vulnerability in Phoenix Contact FL SWITCH SMCS series products | FL SWITCH | CWE-362 | 7.5 | High | 2021-06-25 |
| CVE-2021-21004 | Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products | FL SWITCH | CWE-79 | 7.4 | High | 2021-06-25 |
| CVE-2021-21003 | Denial of Service Vulnerability in Phoenix Contact FL SWITCH SMCS series products | FL SWITCH | CWE-404 | 5.3 | Medium | 2021-06-25 |
| CVE-2021-21002 | Denial of Service in Phoenix Contact FL COMSERVER UNI products | FL COMSERVER | CWE-772 | 7.5 | High | 2021-06-25 |
| CVE-2020-12519 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges. | AXC F 1152 (1151412) | CWE-269 | 8.8 | High | 2020-12-17 |
| CVE-2020-12521 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | AXC F 1152 (1151412) | CWE-20 | 6.5 | Medium | 2020-12-17 |
| CVE-2020-12523 | Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration | TC MGUARD RS4000 4G VZW VPN (1010461) | CWE-909 | 5.4 | Medium | 2020-12-17 |
| CVE-2020-12517 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | AXC F 1152 (1151412) | CWE-79 | 8.8 | High | 2020-12-17 |
| CVE-2020-12518 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | AXC F 1152 (1151412) | CWE-200 | 5.5 | Medium | 2020-12-17 |
| CVE-2020-12524 | Phoenix Contact BTP Touch Panels uncontrolled resource consumption | BTP Touch Panel | CWE-400 | 7.5 | High | 2020-12-02 |
| CVE-2020-12499 | PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability. | PLCnext Engineer | CWE-22 | 8.2 | High | 2020-07-21 |
| CVE-2020-12497 | Phoenix Contact Automation Worx <= 1.87: stack-based overflow | Automation Worx | CWE-121 | 7.8 | High | 2020-07-01 |
| CVE-2020-12498 | Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution | Automation Worx | CWE-121 | 7.8 | High | 2020-07-01 |
| CVE-2016-8366 | Phoenix Contact ILC PLC trust management vulnerability | Phoenix Contact ILC PLCs | CWE-312 | 7.3 | - | 2018-04-05 |
| CVE-2016-8371 | Phoenix Contact ILC PLC authorization issue vulnerability | Phoenix Contact ILC PLCs | CWE-592 | 6.5 | - | 2018-04-05 |
| CVE-2016-8380 | Phoenix Contact ILC PLC authorization issue vulnerability | Phoenix Contact ILC PLCs | CWE-767 | 7.3 | - | 2018-04-05 |
| CVE-2014-9195 | Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function | ProConOs | CWE-306 | 9.8 | - | 2015-01-17 |

This page lists every published CVE security advisory associated with Phoenix Contact. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.