CVE-2023-46142 PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control

🗓️ 14 Dec 2023 14:05:35Reported by CERTVDEType

Insufficient Protection in PLCnext Contro

Reporter	Title	Published	Views	Family All 9
CNNVD	PHOENIX CONTACT PLCnext Control Devices Security Breach	14 Dec 202300:00	–	cnnvd
CVE	CVE-2023-46142	14 Dec 202314:05	–	cve
EUVD	EUVD-2023-50385	3 Oct 202520:07	–	euvd
NVD	CVE-2023-46142	14 Dec 202314:15	–	nvd
OSV	CVE-2023-46142	14 Dec 202314:15	–	osv
Prion	Code injection	14 Dec 202314:15	–	prion
Positive Technologies	PT-2023-29873 · Plcnext · Plcnext	14 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-46142	23 May 202503:54	–	redhatcve
Tenable Nessus	Phoenix Contact PLCnext Control Insufficient Read and Write Protection to Logic and Runtime Data (CVE-2023-46142)	8 Jan 202400:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 1152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 2152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 3152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "BPC 9102S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1502",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1522",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PLCnext Engineer",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072R",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
https	www.https//cert.vde.com/en/advisories/VDE-2023-056/

14 Dec 2023 14:05Current

9High risk

Vulners AI Score9

CVSS 3.18.8

EPSS0.00258

CWE-732