CVE-2023-46141

Summary

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTAutomation Worx Software Suiteallaffected
PHOENIX CONTACTAXC 1050allaffected
PHOENIX CONTACTAXC 1050 XCallaffected
PHOENIX CONTACTAXC 3050allaffected
PHOENIX CONTACTConfig+allaffected
PHOENIX CONTACTFC 350 PCI ETHallaffected
PHOENIX CONTACTILC1x0allaffected
PHOENIX CONTACTILC1x1allaffected
PHOENIX CONTACTILC 3xxallaffected
PHOENIX CONTACTPC Worxallaffected
PHOENIX CONTACTPC Worx Expressallaffected
PHOENIX CONTACTPC WORX RT BASICallaffected
PHOENIX CONTACTPC WORX SRTallaffected
PHOENIX CONTACTRFC 430 ETH-IBallaffected
PHOENIX CONTACTRFC 450 ETH-IBallaffected
PHOENIX CONTACTRFC 460R PN 3TXallaffected
PHOENIX CONTACTRFC 470S PN 3TXallaffected
PHOENIX CONTACTRFC 480S PN 4TXallaffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References