CVE-2014-9195

10.0

CVSS 2.0

Description

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Metadata

CVE ID: CVE-2014-9195
State: PUBLISHED
Assigner: icscert
Reserved: 2014-12-02 00:00 UTC
Published: 2015-01-17 02:00 UTC
Last updated: 2025-09-05 21:03 UTC
Primary CWE: CWE-306
CWE-306
Vendor / Product: Phoenix Contact / ProConOs
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (2)

Vendor	Product	Platform	Versions
Phoenix Contact	MultiProg	—	All versions
Phoenix Contact	ProConOs	—	All versions

Weakness (CWE)

CWE	Source	Description
CWE-306	cna	CWE-306

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-03
37066 https://www.exploit-db.com/exploits/37066/

Back to overview