CVE-2023-46142

PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control

CVSS 8.8 HIGHEPSS 0.7%CWE-732

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

PHOENIX CONTACT · AXC F 1152 PHOENIX CONTACT · AXC F 2152 PHOENIX CONTACT · AXC F 3152 PHOENIX CONTACT · BPC 9102S PHOENIX CONTACT · EPC 1502 PHOENIX CONTACT · EPC 1522 PHOENIX CONTACT · PLCnext Engineer PHOENIX CONTACT · RFC 4072R PHOENIX CONTACT · RFC 4072S

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://https://cert.vde.com/en/advisories/VDE-2023-056/