In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HPhoenixcontact Plcnext Engineer
APPPhoenixcontact≤ 2020-3-1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
Related vulnerabilities
CVE-2023-3935CRITICAL9.8ten sam produkt
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an u...
CVE-2023-46142HIGH8.8ten sam produkt
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote att...
CVE-2023-46144MEDIUM6.5ten sam produkt
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with lo...
CVE-2025-25270CRITICAL9.8PL ✓ten sam vendor
RCE jako root w sterownikach ładowania Phoenix Contact CHARX SEC-3x00
CVE-2024-25995CRITICAL9.8PL ✓ten sam vendor
RCE i eskalacja uprawnień w Phoenix Contact CHARX SEC — brak walidacji danych wejściowych