CVE-2023-46142

Summary

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTAXC F 11520 <= 2024.0affected
PHOENIX CONTACTAXC F 21520 <= 2024.0affected
PHOENIX CONTACTAXC F 31520 <= 2024.0affected
PHOENIX CONTACTBPC 9102S0 <= 2024.0affected
PHOENIX CONTACTEPC 15020 <= 2024.0affected
PHOENIX CONTACTEPC 15220 <= 2024.0affected
PHOENIX CONTACTPLCnext Engineer0 <= 2024.0affected
PHOENIX CONTACTRFC 4072R0 <= 2024.0affected
PHOENIX CONTACTRFC 4072S0 <= 2024.0affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References