CVE-2023-46144

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type Values Removed Values Added
References () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link

21 Dec 2023, 17:16

Type Values Removed Values Added
CPE cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 7.7
v2 : unknown
v3 : 6.5
References () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link
First Time Phoenixcontact axc F 1152
Phoenixcontact axc F 3152
Phoenixcontact axc F 1152 Firmware
Phoenixcontact axc F 2152
Phoenixcontact bpc 9102s Firmware
Phoenixcontact rfc 4072r
Phoenixcontact bpc 9102s
Phoenixcontact rfc 4072s
Phoenixcontact epc 1522 Firmware
Phoenixcontact
Phoenixcontact rfc 4072s Firmware
Phoenixcontact plcnext Engineer
Phoenixcontact axc F 3152 Firmware
Phoenixcontact rfc 4072r Firmware
Phoenixcontact epc 1522
Phoenixcontact epc 1502
Phoenixcontact axc F 2152 Firmware
Phoenixcontact epc 1502 Firmware

14 Dec 2023, 14:49

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 14:15

Updated : 2024-11-21 08:27


NVD link : CVE-2023-46144

Mitre link : CVE-2023-46144

CVE.ORG link : CVE-2023-46144


JSON object : View

Products Affected

phoenixcontact

  • rfc_4072r
  • axc_f_3152
  • axc_f_1152
  • epc_1522_firmware
  • axc_f_2152
  • epc_1522
  • plcnext_engineer
  • axc_f_3152_firmware
  • rfc_4072r_firmware
  • rfc_4072s
  • bpc_9102s_firmware
  • rfc_4072s_firmware
  • axc_f_1152_firmware
  • axc_f_2152_firmware
  • epc_1502
  • bpc_9102s
  • epc_1502_firmware
CWE
CWE-494

Download of Code Without Integrity Check