This page lists publicly disclosed CVE vulnerabilities affecting phoenixcontact plcnext_engineer (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-46144 | A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. | [email protected] | 6.5 | 0.05% | 2023-12-14 | 2024-11-21 |
| CVE-2023-46142 | A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. | [email protected] | 8.8 | 0.26% | 2023-12-14 | 2024-11-21 |
| CVE-2023-3935 | A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. | [email protected] | 9.8 | 0.46% | 2023-09-13 | 2024-11-21 |
| CVE-2020-12499 | In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | [email protected] | 8.2 | 0.10% | 2020-07-21 | 2024-11-21 |