Lucene search

K
cve[email protected]CVE-2023-46142
HistoryDec 14, 2023 - 2:15 p.m.

CVE-2023-46142

2023-12-1414:15:42
CWE-732
web.nvd.nist.gov
11
cve-2023-46142
incorrect permission assignment
critical resource
vulnerability
plcnext products
remote attacker
low privileges
full access

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

Affected configurations

NVD
Node
phoenixcontactaxc_f_1152Match-
AND
phoenixcontactaxc_f_1152_firmwareRange2024.0
Node
phoenixcontactaxc_f_2152Match-
AND
phoenixcontactaxc_f_2152_firmwareRange2024.0
Node
phoenixcontactaxc_f_3152Match-
AND
phoenixcontactaxc_f_3152_firmwareRange2024.0
Node
phoenixcontactbpc_9102sMatch-
AND
phoenixcontactbpc_9102s_firmwareRange2024.0
Node
phoenixcontactepc_1502Match-
AND
phoenixcontactepc_1502_firmwareRange2024.0
Node
phoenixcontactepc_1522Match-
AND
phoenixcontactepc_1522_firmwareRange2024.0
Node
phoenixcontactplcnext_engineerRange2024.0
Node
phoenixcontactrfc_4072rMatch-
AND
phoenixcontactrfc_4072r_firmwareRange2024.0
Node
phoenixcontactrfc_4072sMatch-
AND
phoenixcontactrfc_4072s_firmwareRange2024.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 1152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 2152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 3152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "BPC 9102S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1502",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1522",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PLCnext Engineer",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072R",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

Related for CVE-2023-46142