Deneut Tijl

4 exploits, active since Jun 2017
CVE-2016-8371 EXPLOITDB HIGH python WORKING POC
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
CVSS 7.3
CVE-2016-8380 EXPLOITDB HIGH python WORKING POC
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
CVSS 7.3
CVE-2016-8366 EXPLOITDB HIGH python WORKING POC
Phoenix Contact ILC PLC - Info Disclosure
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
CVSS 7.3
CVE-2017-6026 EXPLOITDB CRITICAL python WORKING POC
Schneider Electric Modicon PLCs <4.0.5.11 - Info Disclosure
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
CVSS 9.1