CVE-2023-46142
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PHOENIX CONTACT | AXC F 1152 | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | AXC F 2152 | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | AXC F 3152 | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | BPC 9102S | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | EPC 1502 | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | EPC 1522 | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | PLCnext Engineer | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | RFC 4072R | 0 <= 2024.0 | affected |
| PHOENIX CONTACT | RFC 4072S | 0 <= 2024.0 | affected |
Weaknesses
- CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.