CVE-2023-46144 - OpenCVE

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Phoenixcontact	Bpc 9102s Axc F 3152 Rfc 4072s Firmware Axc F 2152 Axc F 3152 Firmware Bpc 9102s Firmware Axc F 1152 Epc 1522 Axc F 1152 Firmware Rfc 4072s Axc F 2152 Firmware Epc 1502 Epc 1522 Firmware Plcnext Engineer Epc 1502 Firmware Rfc 4072r Rfc 4072r Firmware

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

References

Link	Resource
https://https://cert.vde.com/en/advisories/VDE-2023-056/	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-12-14T14:08:07.244Z

Updated: 2023-12-14T14:08:07.244Z

Reserved: 2023-10-17T07:04:03.577Z

Link: CVE-2023-46144

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-14T14:15:43.447

Modified: 2023-12-21T17:16:11.880

Link: CVE-2023-46144

JSON object: View

Redhat Information

No data.

CWE

CWE-494