← Back

CVE-2023-46141

nvd nist
Published: Dec 14, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: info@cert.vde.com (Secondary)

Description

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

Affected (18)

Phoenixcontact
18 products
Automationworx Software Suite
Axc 1050 Firmware
Axc 1050 Xc Firmware
Axc 3050 Firmware
Config+
Fc 350 Pci Eth Firmware
Ilc1x0 Firmware
Ilc1x1 Firmware
Ilc 3xx Firmware
Pc Worx
Pc Worx Express
Pc Worx Rt Basic Firmware
Pc Worx Srt
Rfc 430 Eth Ib Firmware
Rfc 450 Eth Ib Firmware
Rfc 460r Pn 3tx Firmware
Rfc 470s Pn 3tx Firmware
Rfc 480s Pn 4tx Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Automationworx Software Suite
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Axc 1050 Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Axc 1050
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Axc 1050 Xc Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Axc 1050 Xc
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Axc 3050 Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Axc 3050
All versions
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Config+
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fc 350 Pci Eth Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Fc 350 Pci Eth
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ilc1x0 Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Ilc1x0
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ilc1x1 Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Ilc1x1
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ilc 3xx Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Ilc 3xx
All versions
Configuration J
1 vulnerable
Vulnerable SoftwareAffected Versions
Pc Worx
All versions
Configuration K
1 vulnerable
Vulnerable SoftwareAffected Versions
Pc Worx Express
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pc Worx Rt Basic Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Pc Worx Rt Basic
All versions
Configuration M
1 vulnerable
Vulnerable SoftwareAffected Versions
Pc Worx Srt
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rfc 430 Eth Ib Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rfc 430 Eth Ib
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rfc 450 Eth Ib Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rfc 450 Eth Ib
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rfc 460r Pn 3tx Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rfc 460r Pn 3tx
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rfc 470s Pn 3tx Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rfc 470s Pn 3tx
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rfc 480s Pn 4tx Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rfc 480s Pn 4tx
All versions

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

Source: info@cert.vde.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.