CVE-2023-0757

Published: Dec 14, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.

Affected (2)

Products: Phoenixcontact: Multiprog, Proconos Eclr

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phoenixcontact Multiprog	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Phoenixcontact Proconos Eclr	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://cert.vde.com/en/advisories/VDE-2023-051/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2023-051/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.