Dec 14, 2023 - 2:15 p.m.

CVE-2023-46144

2023-12-14 14:15:43
CWE-494
web.nvd.nist.gov

CVSS3: 7.7 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.0%)

A download of code without integrity check vulnerability in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

Affected configurations

NVD
Node
phoenixcontact | axc_f_1152_firmware | Range | 2024.0
AND
phoenixcontact | axc_f_1152 | Match | -
Node
phoenixcontact | axc_f_2152_firmware | Range | 2024.0
AND
phoenixcontact | axc_f_2152 | Match | -
Node
phoenixcontact | axc_f_3152_firmware | Range | 2024.0
AND
phoenixcontact | axc_f_3152 | Match | -
Node
phoenixcontact | bpc_9102s_firmware | Range | 2024.0
AND
phoenixcontact | bpc_9102s | Match | -
Node
phoenixcontact | epc_1502_firmware | Range | 2024.0
AND
phoenixcontact | epc_1502 | Match | -
Node
phoenixcontact | epc_1522_firmware | Range | 2024.0
AND
phoenixcontact | epc_1522 | Match | -
Node
phoenixcontact | plcnext_engineer | Range | 2024.0
Node
phoenixcontact | rfc_4072r_firmware | Range | 2024.0
AND
phoenixcontact | rfc_4072r | Match | -
Node
phoenixcontact | rfc_4072s_firmware | Range | 2024.0
AND
phoenixcontact | rfc_4072s | Match | -

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 1152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 2152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 3152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "BPC 9102S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1502",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1522",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PLCnext Engineer",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072R",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
