A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
References
| Link | Resource |
|---|---|
| https://https://cert.vde.com/en/advisories/VDE-2023-056/ | Broken Link |
| https://https://cert.vde.com/en/advisories/VDE-2023-056/ | Broken Link |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
History
21 Nov 2024, 08:27
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link |
21 Dec 2023, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:* |
|
| References | () https://https://cert.vde.com/en/advisories/VDE-2023-056/ - Broken Link | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| First Time |
Phoenixcontact rfc 4072s
Phoenixcontact bpc 9102s Phoenixcontact bpc 9102s Firmware Phoenixcontact axc F 3152 Phoenixcontact plcnext Engineer Phoenixcontact axc F 1152 Firmware Phoenixcontact axc F 2152 Phoenixcontact epc 1522 Firmware Phoenixcontact rfc 4072r Firmware Phoenixcontact Phoenixcontact rfc 4072s Firmware Phoenixcontact epc 1502 Phoenixcontact axc F 3152 Firmware Phoenixcontact epc 1522 Phoenixcontact axc F 2152 Firmware Phoenixcontact epc 1502 Firmware Phoenixcontact axc F 1152 Phoenixcontact rfc 4072r |
14 Dec 2023, 14:49
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-14 14:15
Updated : 2024-11-21 08:27
NVD link : CVE-2023-46144
Mitre link : CVE-2023-46144
CVE.ORG link : CVE-2023-46144
JSON object : View
Products Affected
phoenixcontact
- epc_1522
- plcnext_engineer
- axc_f_3152_firmware
- axc_f_1152_firmware
- axc_f_2152
- epc_1502
- rfc_4072r
- rfc_4072s
- rfc_4072r_firmware
- epc_1502_firmware
- axc_f_2152_firmware
- bpc_9102s_firmware
- bpc_9102s
- epc_1522_firmware
- axc_f_1152
- rfc_4072s_firmware
- axc_f_3152
CWE
CWE-494
Download of Code Without Integrity Check