CVE-2023-46144

Summary

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTAXC F 11520 <= 2024.0affected
PHOENIX CONTACTAXC F 21520 <= 2024.0affected
PHOENIX CONTACTAXC F 31520 <= 2024.0affected
PHOENIX CONTACTBPC 9102S0 <= 2024.0affected
PHOENIX CONTACTEPC 15020 <= 2024.0affected
PHOENIX CONTACTEPC 15220 <= 2024.0affected
PHOENIX CONTACTPLCnext Engineer0 <= 2024.0affected
PHOENIX CONTACTRFC 4072R0 <= 2024.0affected
PHOENIX CONTACTRFC 4072S0 <= 2024.0affected

Weaknesses

  • CWE-494: CWE-494: Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References