Lucene search

[email protected]NVD:CVE-2023-46144

HistoryDec 14, 2023 - 2:15 p.m.

CVE-2023-46144

2023-12-1414:15:43

CWE-494

[email protected]

web.nvd.nist.gov

integrity compromise

remote attacker

plcnext products

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

26.1%

JSON

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

Affected configurations

NVD

Node

phoenixcontactaxc_f_1152_firmwareRange≤2024.0

AND

phoenixcontactaxc_f_1152Match-

Node

phoenixcontactaxc_f_2152_firmwareRange≤2024.0

AND

phoenixcontactaxc_f_2152Match-

Node

phoenixcontactaxc_f_3152_firmwareRange≤2024.0

AND

phoenixcontactaxc_f_3152Match-

Node

phoenixcontactbpc_9102s_firmwareRange≤2024.0

AND

phoenixcontactbpc_9102sMatch-

Node

phoenixcontactepc_1502_firmwareRange≤2024.0

AND

phoenixcontactepc_1502Match-

Node

phoenixcontactepc_1522_firmwareRange≤2024.0

AND

phoenixcontactepc_1522Match-

Node

phoenixcontactplcnext_engineerRange≤2024.0

Node

phoenixcontactrfc_4072r_firmwareRange≤2024.0

AND

phoenixcontactrfc_4072rMatch-

Node

phoenixcontactrfc_4072s_firmwareRange≤2024.0

AND

phoenixcontactrfc_4072sMatch-

References

https://cert.vde.com/en/advisories/VDE-2023-056/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for NVD:CVE-2023-46144

prion1 cve1 nessus1 cvelist1