Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9195

CWE-306Missing AuthenticationCWE-2554 documents4 sources
Severity
7.5HIGH
EPSS
82.5%
top 0.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Phoenix Contact MultiprogPhoenix Contact ProconosPhoenixcontact-software Multiprog
Timeline
PublishedJan 17
Latest updateMay 14

Description

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

CVEListV5phoenix_contact/proconosAll versions
CVEListV5phoenix_contact/multiprogAll versions

🔴Vulnerability Details

2
GHSA
GHSA-qp5x-q9h8-gxm5: Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-complia2022-05-14
CVEList
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function2015-01-17

💥Exploits & PoCs

1
Exploit-DB
Phoenix Contact ILC 150 ETH PLC - Remote Control Script2015-05-20
CVE-2014-9195 (HIGH CVSS 7.5) | Phoenix Contact ProConOs and MultiP | cvebase.io