Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9436 | 1 Phoenixcontact | 12 Tc Cloud Client 1002-4g, Tc Cloud Client 1002-4g Firmware, Tc Cloud Client 1002-txtx and 9 more | 2020-03-16 | 9.0 HIGH | 8.8 HIGH |
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. | |||||
CVE-2020-9435 | 1 Phoenixcontact | 12 Tc Cloud Client 1002-4g, Tc Cloud Client 1002-4g Firmware, Tc Cloud Client 1002-txtx and 9 more | 2020-03-16 | 5.0 MEDIUM | 7.5 HIGH |
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation. |