Lucene search

[email protected]NVD:CVE-2023-46142

HistoryDec 14, 2023 - 2:15 p.m.

CVE-2023-46142

2023-12-1414:15:42

CWE-732

[email protected]

web.nvd.nist.gov

cve-2023-46142

remote attacker

low privileges

critical resource

full access

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.3%

JSON

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

Affected configurations

NVD

Node

phoenixcontactaxc_f_1152Match-

AND

phoenixcontactaxc_f_1152_firmwareRange≤2024.0

Node

phoenixcontactaxc_f_2152Match-

AND

phoenixcontactaxc_f_2152_firmwareRange≤2024.0

Node

phoenixcontactaxc_f_3152Match-

AND

phoenixcontactaxc_f_3152_firmwareRange≤2024.0

Node

phoenixcontactbpc_9102sMatch-

AND

phoenixcontactbpc_9102s_firmwareRange≤2024.0

Node

phoenixcontactepc_1502Match-

AND

phoenixcontactepc_1502_firmwareRange≤2024.0

Node

phoenixcontactepc_1522Match-

AND

phoenixcontactepc_1522_firmwareRange≤2024.0

Node

phoenixcontactplcnext_engineerRange≤2024.0

Node

phoenixcontactrfc_4072rMatch-

AND

phoenixcontactrfc_4072r_firmwareRange≤2024.0

Node

phoenixcontactrfc_4072sMatch-

AND

phoenixcontactrfc_4072s_firmwareRange≤2024.0

References

https://cert.vde.com/en/advisories/VDE-2023-056/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for NVD:CVE-2023-46142

prion1 nessus1 cvelist1 cve1