A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
References
Link | Resource |
---|---|
https://https://cert.vde.com/en/advisories/VDE-2023-056/ | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
21 Dec 2023, 17:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:* |
|
References | () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link | |
First Time |
Phoenixcontact axc F 1152 Firmware
Phoenixcontact epc 1522 Firmware Phoenixcontact axc F 1152 Phoenixcontact rfc 4072r Phoenixcontact rfc 4072s Phoenixcontact axc F 3152 Firmware Phoenixcontact plcnext Engineer Phoenixcontact epc 1502 Phoenixcontact bpc 9102s Phoenixcontact rfc 4072r Firmware Phoenixcontact axc F 2152 Phoenixcontact epc 1502 Firmware Phoenixcontact bpc 9102s Firmware Phoenixcontact axc F 2152 Firmware Phoenixcontact rfc 4072s Firmware Phoenixcontact epc 1522 Phoenixcontact axc F 3152 Phoenixcontact |
|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
14 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 14:15
Updated : 2023-12-21 17:16
NVD link : CVE-2023-46144
Mitre link : CVE-2023-46144
CVE.ORG link : CVE-2023-46144
JSON object : View
Products Affected
phoenixcontact
- axc_f_1152
- rfc_4072r
- rfc_4072r_firmware
- rfc_4072s_firmware
- epc_1522_firmware
- axc_f_2152_firmware
- plcnext_engineer
- bpc_9102s_firmware
- axc_f_3152_firmware
- axc_f_1152_firmware
- epc_1522
- rfc_4072s
- axc_f_2152
- epc_1502
- axc_f_3152
- epc_1502_firmware
- bpc_9102s
CWE
CWE-494
Download of Code Without Integrity Check