What is CVE-2014-9195?

CVE-2014-9195 is a vulnerability in Phoenix Contact Multiprog, classified under Missing Authentication for Critical Function. Published 2015-01-17.

Is CVE-2014-9195 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Phoenix Contact Multiprog

CVE-2014-9195

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

Vulnerability class: Broken Authentication

EPSS: 0.825 (99.3th percentile) — read the EPSS interpretation.

Affected products

Phoenix Contact Multiprog — versions All versions
Phoenix Contact Proconos — versions All versions
Phoenixcontact-software Multiprog — versions 5.0
Phoenixcontact-software Proconos_eclr

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ics-cert@hq.dhs.gov
37066 (exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, US Government Resource)

Frequently asked questions

What is CVE-2014-9195?: CVE-2014-9195 is a vulnerability in Phoenix Contact Multiprog, classified under Missing Authentication for Critical Function. Published 2015-01-17.
Is CVE-2014-9195 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.