CVE-2023-46142 - OpenCVE

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Phoenixcontact	Bpc 9102s Axc F 3152 Rfc 4072s Firmware Axc F 2152 Axc F 3152 Firmware Bpc 9102s Firmware Axc F 1152 Epc 1522 Axc F 1152 Firmware Rfc 4072s Axc F 2152 Firmware Epc 1502 Epc 1522 Firmware Plcnext Engineer Epc 1502 Firmware Rfc 4072r Rfc 4072r Firmware

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

References

Link	Resource
https://https://cert.vde.com/en/advisories/VDE-2023-056/	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-12-14T14:05:35.741Z

Updated: 2023-12-14T14:05:35.741Z

Reserved: 2023-10-17T07:04:03.576Z

Link: CVE-2023-46142

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-14T14:15:42.983

Modified: 2023-12-21T17:15:15.170

Link: CVE-2023-46142

JSON object: View

Redhat Information

No data.

CWE

CWE-732