CVE-2016-8366

HIGH

Phoenix Contact ILC PLC - Info Disclosure

Title source: llm

Description

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.

Exploits (1)

exploitdb WORKING POC

by Photubias · pythonwebappshardware

https://www.exploit-db.com/exploits/45586

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94163

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-313-01

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45586/

Scores

CVSS v3 7.3

EPSS 0.0249

EPSS Percentile 85.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-312 CWE-255

Status published

Affected Products (1)

phoenixcontact/ilc_plcs_firmware

Timeline

Published Apr 05, 2018

Tracked Since Feb 18, 2026