A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
References
Link | Resource |
---|---|
https://https://cert.vde.com/en/advisories/VDE-2023-056/ | Broken Link |
https://https://cert.vde.com/en/advisories/VDE-2023-056/ | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
21 Nov 2024, 08:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link |
21 Dec 2023, 17:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link | |
First Time |
Phoenixcontact axc F 1152
Phoenixcontact axc F 3152 Phoenixcontact axc F 1152 Firmware Phoenixcontact axc F 2152 Phoenixcontact bpc 9102s Firmware Phoenixcontact rfc 4072r Phoenixcontact bpc 9102s Phoenixcontact rfc 4072s Phoenixcontact epc 1522 Firmware Phoenixcontact Phoenixcontact rfc 4072s Firmware Phoenixcontact plcnext Engineer Phoenixcontact axc F 3152 Firmware Phoenixcontact rfc 4072r Firmware Phoenixcontact epc 1522 Phoenixcontact epc 1502 Phoenixcontact axc F 2152 Firmware Phoenixcontact epc 1502 Firmware |
14 Dec 2023, 14:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 14:15
Updated : 2024-11-21 08:27
NVD link : CVE-2023-46144
Mitre link : CVE-2023-46144
CVE.ORG link : CVE-2023-46144
JSON object : View
Products Affected
phoenixcontact
- rfc_4072r
- axc_f_3152
- axc_f_1152
- epc_1522_firmware
- axc_f_2152
- epc_1522
- plcnext_engineer
- axc_f_3152_firmware
- rfc_4072r_firmware
- rfc_4072s
- bpc_9102s_firmware
- rfc_4072s_firmware
- axc_f_1152_firmware
- axc_f_2152_firmware
- epc_1502
- bpc_9102s
- epc_1502_firmware
CWE
CWE-494
Download of Code Without Integrity Check