Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46142

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

Published

2023-12-14T14:15:42.983

Last Modified

2024-11-21T08:27:58.077

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	phoenixcontact	axc_f_1152_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	axc_f_1152	-	No
Operating System	phoenixcontact	axc_f_2152_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	axc_f_2152	-	No
Operating System	phoenixcontact	axc_f_3152_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	axc_f_3152	-	No
Operating System	phoenixcontact	bpc_9102s_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	bpc_9102s	-	No
Operating System	phoenixcontact	epc_1502_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	epc_1502	-	No
Operating System	phoenixcontact	epc_1522_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	epc_1522	-	No
Application	phoenixcontact	plcnext_engineer	≤ 2024.0	Yes
Operating System	phoenixcontact	rfc_4072r_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	rfc_4072r	-	No
Operating System	phoenixcontact	rfc_4072s_firmware	≤ 2024.0	Yes
Hardware	phoenixcontact	rfc_4072s	-	No

References

https://https://cert.vde.com/en/advisories/VDE-2023-056/ Broken Link ([email protected])
https://https://cert.vde.com/en/advisories/VDE-2023-056/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)