CVE-2023-46143

Summary

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTAutomation Worx Software Suiteallaffected
PHOENIX CONTACTAXC 1050allaffected
PHOENIX CONTACTAXC 1050 XCallaffected
PHOENIX CONTACTAXC 3050allaffected
PHOENIX CONTACTConfig+allaffected
PHOENIX CONTACTFC 350 PCI ETHallaffected
PHOENIX CONTACTILC1x0allaffected
PHOENIX CONTACTILC1x1allaffected
PHOENIX CONTACTILC 3xxallaffected
PHOENIX CONTACTPC Worxallaffected
PHOENIX CONTACTPC Worx Expressallaffected
PHOENIX CONTACTPC WORX RT BASICallaffected
PHOENIX CONTACTPC WORX SRTallaffected
PHOENIX CONTACTRFC 430 ETH-IBallaffected
PHOENIX CONTACTRFC 450 ETH-IBallaffected
PHOENIX CONTACTRFC 460R PN 3TXallaffected
PHOENIX CONTACTRFC 470S PN 3TXallaffected
PHOENIX CONTACTRFC 480S PN 4TXallaffected

Weaknesses

  • CWE-494: CWE-494 Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References