CVE-2023-46143

EPSS 0.24%
Veröffentlicht 14.12.2023 14:15:43
Zuletzt bearbeitet 21.11.2024 08:27:58
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 18 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phoenixcontact ≫ Automationworx Software Suite

Phoenixcontact ≫ Axc 1050 Firmware

Phoenixcontact ≫ Axc 1050 Version-

Phoenixcontact ≫ Axc 1050 Xc Firmware

Phoenixcontact ≫ Axc 1050 Xc Version-

Phoenixcontact ≫ Axc 3050 Firmware

Phoenixcontact ≫ Axc 3050 Version-

Phoenixcontact ≫ Config+

Phoenixcontact ≫ Fc 350 Pci Eth Firmware

Phoenixcontact ≫ Fc 350 Pci Eth Version-

Phoenixcontact ≫ Ilc1x0 Firmware

Phoenixcontact ≫ Ilc1x0 Version-

Phoenixcontact ≫ Ilc1x1 Firmware

Phoenixcontact ≫ Ilc1x1 Version-

Phoenixcontact ≫ Ilc 3xx Firmware

Phoenixcontact ≫ Ilc 3xx Version-

Phoenixcontact ≫ Pc Worx

Phoenixcontact ≫ Pc Worx Express

Phoenixcontact ≫ Pc Worx Rt Basic Firmware

Phoenixcontact ≫ Pc Worx Rt Basic Version-

Phoenixcontact ≫ Pc Worx Srt

Phoenixcontact ≫ Rfc 430 Eth-ib Firmware

Phoenixcontact ≫ Rfc 430 Eth-ib Version-

Phoenixcontact ≫ Rfc 450 Eth-ib Firmware

Phoenixcontact ≫ Rfc 450 Eth-ib Version-

Phoenixcontact ≫ Rfc 460r Pn 3tx Firmware

Phoenixcontact ≫ Rfc 460r Pn 3tx Version-

Phoenixcontact ≫ Rfc 470s Pn 3tx Firmware

Phoenixcontact ≫ Rfc 470s Pn 3tx Version-

Phoenixcontact ≫ Rfc 480s Pn 4tx Firmware

Phoenixcontact ≫ Rfc 480s Pn 4tx Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.476

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://cert.vde.com/en/advisories/VDE-2023-057/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-46143

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46143

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46143

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-46143