CVE-2023-46144

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

A

download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

References

Link	Resource
https://https://cert.vde.com/en/advisories/VDE-2023-056/	Broken Link
https://https://cert.vde.com/en/advisories/VDE-2023-056/	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link~~	() https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link

Information

Published : 2023-12-14 14:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-46144

Mitre link : CVE-2023-46144

CVE.ORG link : CVE-2023-46144

JSON object : View

Products Affected

phoenixcontact

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2023-46144", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-12-14T14:15:43.447", "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."}, {"lang": "es", "value": "Una descarga de c\u00f3digo sin vulnerabilidad de verificaci\u00f3n de integridad en los productos PLCnext permite que un atacante remoto con privilegios bajos comprometa la integridad de la estaci\u00f3n de ingenier\u00eda afectada y los dispositivos conectados."}], "lastModified": "2024-11-21T08:27:58.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C72F7B2-43D1-43CB-B611-B57487E9AE53", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EA16E9E-ADBB-4943-AE2D-7C49F882A809", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28DCF3B-C26E-44BE-BCA1-0AED56326FC3", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97B1250-2830-4EFC-9393-DF96E129E16D", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "346E85EB-8800-40C7-A7DA-EA587CF90F08"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E7E962-9BA0-418B-8A43-541C5278C9ED", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "85AF0A71-02C4-4CFF-A820-5C326F066024"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3671BE8-A1DE-444E-9A24-5C86E4F0BBF1", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CBD531B6-09DA-4B4A-AA7C-C2A54B089C67"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6A5C5E9-4F2C-44BC-8B64-29D25C789643", "versionEndIncluding": "2024.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE1D89DD-1717-4E84-8A33-82AA29594E7D", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65D9C540-F273-4EA8-8FF6-95DF46B01D89"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E633B5AB-BD27-461D-8083-20CC1C768D34", "versionEndIncluding": "2024.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}