// For flags

CVE-2023-46142

PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

Una asignación de permiso incorrecta para una vulnerabilidad de recursos críticos en los productos PLCnext permite que un atacante remoto con privilegios bajos obtenga acceso completo a los dispositivos afectados.

*Credits: Reid Wightman of Dragos, Inc.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-10-17 CVE Reserved
  • 2023-12-14 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phoenixcontact
Search vendor "Phoenixcontact"
Axc F 1152 Firmware
Search vendor "Phoenixcontact" for product "Axc F 1152 Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Axc F 1152 Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Axc F 1152
Search vendor "Phoenixcontact" for product "Axc F 1152"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Axc F 2152 Firmware
Search vendor "Phoenixcontact" for product "Axc F 2152 Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Axc F 2152 Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Axc F 2152
Search vendor "Phoenixcontact" for product "Axc F 2152"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Axc F 3152 Firmware
Search vendor "Phoenixcontact" for product "Axc F 3152 Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Axc F 3152 Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Axc F 3152
Search vendor "Phoenixcontact" for product "Axc F 3152"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Bpc 9102s Firmware
Search vendor "Phoenixcontact" for product "Bpc 9102s Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Bpc 9102s Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Bpc 9102s
Search vendor "Phoenixcontact" for product "Bpc 9102s"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Epc 1502 Firmware
Search vendor "Phoenixcontact" for product "Epc 1502 Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Epc 1502 Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Epc 1502
Search vendor "Phoenixcontact" for product "Epc 1502"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Epc 1522 Firmware
Search vendor "Phoenixcontact" for product "Epc 1522 Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Epc 1522 Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Epc 1522
Search vendor "Phoenixcontact" for product "Epc 1522"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Rfc 4072r Firmware
Search vendor "Phoenixcontact" for product "Rfc 4072r Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Rfc 4072r Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Rfc 4072r
Search vendor "Phoenixcontact" for product "Rfc 4072r"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Rfc 4072s Firmware
Search vendor "Phoenixcontact" for product "Rfc 4072s Firmware"
<= 2024.0
Search vendor "Phoenixcontact" for product "Rfc 4072s Firmware" and version " <= 2024.0"
-
Affected
in Phoenixcontact
Search vendor "Phoenixcontact"
Rfc 4072s
Search vendor "Phoenixcontact" for product "Rfc 4072s"
--
Safe
Phoenixcontact
Search vendor "Phoenixcontact"
Plcnext Engineer
Search vendor "Phoenixcontact" for product "Plcnext Engineer"
<= 2024.0
Search vendor "Phoenixcontact" for product "Plcnext Engineer" and version " <= 2024.0"
-
Affected