CVE-2023-46144 PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check

🗓️ 14 Dec 2023 14:08:07Reported by CERTVDEType

PLCnext Control code download vulnerabilit

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-46144	10 Jan 202422:46	–	circl
CNNVD	PHOENIX CONTACT PLCnext Engineer and PLCnext Control Devices Security Vulnerability	14 Dec 202300:00	–	cnnvd
CVE	CVE-2023-46144	14 Dec 202314:08	–	cve
EUVD	EUVD-2023-50387	3 Oct 202520:07	–	euvd
NVD	CVE-2023-46144	14 Dec 202314:15	–	nvd
OSV	CVE-2023-46144	14 Dec 202314:15	–	osv
Prion	Design/Logic Flaw	14 Dec 202314:15	–	prion
Positive Technologies	PT-2023-29874 · Plcnext · Plcnext	14 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-46144	23 May 202503:54	–	redhatcve
Tenable Nessus	Phoenix Contact PLCnext Control Integrity Check Fails to Identify Out-of-Band Logic Changes (CVE-2023-46144)	8 Jan 202400:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 1152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 2152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AXC F 3152",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "BPC 9102S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1502",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EPC 1522",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PLCnext Engineer",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072R",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RFC 4072S",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2024.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
https	www.https//cert.vde.com/en/advisories/VDE-2023-056/

01 Oct 2024 06:18Current

7.8High risk

Vulners AI Score7.8

CVSS 3.16.5

EPSS0.00309

CWE-494