CVE-2023-46142

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://https://cert.vde.com/en/advisories/VDE-2023-056/	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

History

21 Dec 2023, 17:15

Type	Values Removed	Values Added
First Time		Phoenixcontact rfc 4072s Phoenixcontact bpc 9102s Phoenixcontact bpc 9102s Firmware Phoenixcontact axc F 3152 Phoenixcontact plcnext Engineer Phoenixcontact axc F 1152 Firmware Phoenixcontact axc F 2152 Phoenixcontact epc 1522 Firmware Phoenixcontact rfc 4072r Firmware Phoenixcontact Phoenixcontact rfc 4072s Firmware Phoenixcontact epc 1502 Phoenixcontact axc F 3152 Firmware Phoenixcontact epc 1522 Phoenixcontact axc F 2152 Firmware Phoenixcontact epc 1502 Firmware Phoenixcontact axc F 1152 Phoenixcontact rfc 4072r
References	~~() https://https://cert.vde.com/en/advisories/VDE-2023-056/ -~~	() https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link
CPE		cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:::::::: cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:::::::: cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:::::::: cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:::::::: cpe:2.3:h:phoenixcontact:epc_1502:-:::::::* cpe:2.3:h:phoenixcontact:bpc_9102s:-:::::::* cpe:2.3:h:phoenixcontact:axc_f_3152:-:::::::* cpe:2.3:h:phoenixcontact:epc_1522:-:::::::* cpe:2.3:o:phoenixcontact:epc_1502_firmware:::::::: cpe:2.3:h:phoenixcontact:rfc_4072r:-:::::::* cpe:2.3:h:phoenixcontact:rfc_4072s:-:::::::* cpe:2.3:h:phoenixcontact:axc_f_2152:-:::::::* cpe:2.3:o:phoenixcontact:epc_1522_firmware:::::::: cpe:2.3:a:phoenixcontact:plcnext_engineer:::::::: cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:::::::: cpe:2.3:h:phoenixcontact:axc_f_1152:-:::::::* cpe:2.3:o:phoenixcontact:bpc_9102s_firmware::::::::

14 Dec 2023, 14:49

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-14 14:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-46142

Mitre link : CVE-2023-46142

CVE.ORG link : CVE-2023-46142

JSON object : View

Products Affected

phoenixcontact

epc_1522_firmware
axc_f_2152
plcnext_engineer
rfc_4072r
epc_1522
rfc_4072s
epc_1502
axc_f_2152_firmware
bpc_9102s
rfc_4072s_firmware
bpc_9102s_firmware
epc_1502_firmware
axc_f_3152_firmware
rfc_4072r_firmware
axc_f_3152
axc_f_1152_firmware
axc_f_1152

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

8.8 /10