CVE-2023-46141 Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource

🗓️ 14 Dec 2023 14:05:11Reported by CERTVDEType

Security vulnerability in Phoenix Contact classic line controllers

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the microprogramming software for Phoenix Contact Automation Worx Software Suite devices, including AXC 1050, AXC 1050 XC, AXC 3050, Config+, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 3xx, PC Worx, PC Worx Express, PC WORX RT BASIC, PC WORX SRT, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 470S PN 3TX, RFC 480S PN 4TX, arises from the incorrect assignment of permissions to critical resources. This allows an attacker to gain full access to the device.	18 Dec 202300:00	–	bdu_fstec
CNNVD	PHOENIX CONTACT Automation Worx Software Suite Security Vulnerability	14 Dec 202300:00	–	cnnvd
CVE	CVE-2023-46141	14 Dec 202314:05	–	cve
EUVD	EUVD-2023-50384	3 Oct 202520:07	–	euvd
NVD	CVE-2023-46141	14 Dec 202314:15	–	nvd
Prion	Code injection	14 Dec 202314:15	–	prion
Positive Technologies	PT-2023-7706 · Phoenix Contact · Pc Worx Express +17	12 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-46141	23 May 202503:54	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "Automation Worx Software Suite",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC 1050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC 1050 XC",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC 3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Config+",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FC 350 PCI ETH",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ILC1x0",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ILC1x1",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ILC 3xx",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PC Worx",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PC Worx Express",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PC WORX RT BASIC",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PC WORX SRT",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 430 ETH-IB",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 450 ETH-IB",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 460R PN 3TX",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 470S PN 3TX",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 480S PN 4TX",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2023-055/

14 Dec 2023 14:05Current

9.9High risk

Vulners AI Score9.9

CVSS 3.19.8

EPSS0.00811

CWE-732