CVE-2023-46144

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-46144
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://https://cert.vde.com/en/advisories/VDE-2023-056/ Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*
History

21 Dec 2023, 17:16

Type Values Removed Values Added
CPE cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*
References () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link
First Time Phoenixcontact axc F 1152 Firmware
Phoenixcontact epc 1522 Firmware
Phoenixcontact axc F 1152
Phoenixcontact rfc 4072r
Phoenixcontact rfc 4072s
Phoenixcontact axc F 3152 Firmware
Phoenixcontact plcnext Engineer
Phoenixcontact epc 1502
Phoenixcontact bpc 9102s
Phoenixcontact rfc 4072r Firmware
Phoenixcontact axc F 2152
Phoenixcontact epc 1502 Firmware
Phoenixcontact bpc 9102s Firmware
Phoenixcontact axc F 2152 Firmware
Phoenixcontact rfc 4072s Firmware
Phoenixcontact epc 1522
Phoenixcontact axc F 3152
Phoenixcontact
Summary
  • (es) Una descarga de código sin vulnerabilidad de verificación de integridad en los productos PLCnext permite que un atacante remoto con privilegios bajos comprometa la integridad de la estación de ingeniería afectada y los dispositivos conectados.
CVSS v2 : unknown
v3 : 7.7 		v2 : unknown
v3 : 6.5

14 Dec 2023, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-14 14:15

Updated : 2023-12-21 17:16

NVD link : CVE-2023-46144

Mitre link : CVE-2023-46144

CVE.ORG link : CVE-2023-46144

JSON object : View

Products Affected

phoenixcontact

  • axc_f_1152
  • rfc_4072r
  • rfc_4072r_firmware
  • rfc_4072s_firmware
  • epc_1522_firmware
  • axc_f_2152_firmware
  • plcnext_engineer
  • bpc_9102s_firmware
  • axc_f_3152_firmware
  • axc_f_1152_firmware
  • epc_1522
  • rfc_4072s
  • axc_f_2152
  • epc_1502
  • axc_f_3152
  • epc_1502_firmware
  • bpc_9102s
CWE
CWE-494

Download of Code Without Integrity Check