6.5
CVE-2023-46144
- EPSS 0.05%
- Published 14.12.2023 14:15:43
- Last modified 21.11.2024 08:27:58
- Source info@cert.vde.com
A download of code without integrity check vulnerability in PLCnext products allows a remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
Data is provided by the National Vulnerability Database (NVD)
Phoenixcontact ≫ Axc F 1152 Firmware Version <= 2024.0
Phoenixcontact ≫ Axc F 2152 Firmware Version <= 2024.0
Phoenixcontact ≫ Axc F 3152 Firmware Version <= 2024.0
Phoenixcontact ≫ Bpc 9102s Firmware Version <= 2024.0
Phoenixcontact ≫ Epc 1502 Firmware Version <= 2024.0
Phoenixcontact ≫ Epc 1522 Firmware Version <= 2024.0
Phoenixcontact ≫ Plcnext Engineer Version <= 2024.0
Phoenixcontact ≫ Rfc 4072r Firmware Version <= 2024.0
Phoenixcontact ≫ Rfc 4072s Firmware Version <= 2024.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.139 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
info@cert.vde.com | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
CWE-494 Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.