The vulnerability of the microprogramming software for Phoenix Contact Automation Worx Software Suite devices, including AXC 1050, AXC 1050 XC, AXC 3050, Config+, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 3xx, PC Worx, PC Worx Express, PC WORX RT BASIC, PC WORX SRT, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 470S PN 3TX, RFC 480S PN 4TX, arises from the incorrect assignment of permissions to critical resources. This allows an attacker to gain full access to the device.

🗓️ 18 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Phoenix Contact Worx software vulnerability lets remote attackers gain full device access.

Reporter	Title	Published	Views	Family All 8
CNNVD	PHOENIX CONTACT Automation Worx Software Suite Security Vulnerability	14 Dec 202300:00	–	cnnvd
CVE	CVE-2023-46141	14 Dec 202314:05	–	cve
Cvelist	CVE-2023-46141 Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource	14 Dec 202314:05	–	cvelist
EUVD	EUVD-2023-50384	3 Oct 202520:07	–	euvd
NVD	CVE-2023-46141	14 Dec 202314:15	–	nvd
Prion	Code injection	14 Dec 202314:15	–	prion
Positive Technologies	PT-2023-7706 · Phoenix Contact · Pc Worx Express +17	12 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-46141	23 May 202503:54	–	redhatcve

Source	Link
github	www.github.com/advisories/GHSA-c4vw-934c-jc76
cert	www.cert.vde.com/en/advisories/VDE-2023-055/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-46141
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail

18 Dec 2023 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 39.8

CVSS 210

EPSS0.00879

Phoenix Contact Worx software remote attack full device access improper permissions crafted project file automation Worx devices