Skip to main content

Config

5 CVEs product

Monthly

CVE-2026-11527 HIGH PATCH This Week

OS command injection and arbitrary file truncation in the Perl module Config::IniFiles before 3.001000 occurs because _make_filehandle uses Perl's 2-argument open() on the -file argument, letting filenames prefixed/suffixed with shell metacharacters ('| cmd', 'cmd |', '> path', '>> path') execute commands or overwrite files under the process UID. Any application passing untrusted input to new(-file => ...) or ReadConfig is exposed. EPSS is low (~0.26%) and SSVC reports no observed exploitation, but an upstream patch and a public regression test demonstrate the issue clearly.

Command Injection Config
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.3%
CVE-2023-46143 HIGH This Week

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46141 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-33542 HIGH This Week

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Memory Corruption RCE Config Pc Worx +1
NVD
CVSS 3.1
7.0
EPSS
1.8%
CVE-2019-16675 HIGH This Week

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Information Disclosure Config +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

OS command injection and arbitrary file truncation in the Perl module Config::IniFiles before 3.001000 occurs because _make_filehandle uses Perl's 2-argument open() on the -file argument, letting filenames prefixed/suffixed with shell metacharacters ('| cmd', 'cmd |', '> path', '>> path') execute commands or overwrite files under the process UID. Any application passing untrusted input to new(-file => ...) or ReadConfig is exposed. EPSS is low (~0.26%) and SSVC reports no observed exploitation, but an upstream patch and a public regression test demonstrate the issue clearly.

Command Injection Config
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware +16
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware +16
NVD
EPSS 2% CVSS 7.0
HIGH This Week

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Memory Corruption RCE +3
NVD
EPSS 3% CVSS 7.8
HIGH This Week

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy