10
CVE-2014-9195
- EPSS 82.49%
- Veröffentlicht 17.01.2015 02:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginPhoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenixcontact-software ≫ Multiprog Version5.0
Phoenixcontact-software ≫ Multiprog Version5.0 SwEditionexpress
Phoenixcontact-software ≫ Proconos Eclr SwEditionsingle_chip
Phoenixcontact-software ≫ Proconos Eclr SwEditionsoftplc
Phoenixcontact-software ≫ Proconos Eclr SwEditionvisual_studio
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 82.49% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.