Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-8380. PoCs published by Photubias.
AI-analyzed exploit summary This exploit bypasses authentication in Phoenix Contact WebVisit HMI to read and write PLC tags. It retrieves project names, tag lists, and current values, then allows modification of tag values via unauthenticated HTTP requests.
Description
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Exploits (1)
exploitdb
WORKING POC
by Photubias · pythonwebappswindows
https://www.exploit-db.com/exploits/45590
This exploit bypasses authentication in Phoenix Contact WebVisit HMI to read and write PLC tags. It retrieves project names, tag lists, and current values, then allows modification of tag values via unauthenticated HTTP requests.
Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target:
Phoenix Contact WebVisit (all versions)
No auth needed
Prerequisites:
Network access to the target HMI · WebVisit interface exposed on the target
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-313-01
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45590/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94163
Scores
CVSS v3
7.3
EPSS
0.1120
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-287
CWE-767
Status
published
Products (1)
phoenixcontact/ilc_plcs_firmware
Published
Apr 05, 2018
Tracked Since
Feb 18, 2026