Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46143

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

Published

2023-12-14T14:15:43.207

Last Modified

2024-11-21T08:27:58.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-494

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phoenixcontact	automationworx_software_suite	*	Yes
Operating System	phoenixcontact	axc_1050_firmware	*	Yes
Hardware	phoenixcontact	axc_1050	-	No
Operating System	phoenixcontact	axc_1050_xc_firmware	*	Yes
Hardware	phoenixcontact	axc_1050_xc	-	No
Operating System	phoenixcontact	axc_3050_firmware	*	Yes
Hardware	phoenixcontact	axc_3050	-	No
Application	phoenixcontact	config\+	*	Yes
Operating System	phoenixcontact	fc_350_pci_eth_firmware	*	Yes
Hardware	phoenixcontact	fc_350_pci_eth	-	No
Operating System	phoenixcontact	ilc1x0_firmware	*	Yes
Hardware	phoenixcontact	ilc1x0	-	No
Operating System	phoenixcontact	ilc1x1_firmware	*	Yes
Hardware	phoenixcontact	ilc1x1	-	No
Operating System	phoenixcontact	ilc_3xx_firmware	*	Yes
Hardware	phoenixcontact	ilc_3xx	-	No
Application	phoenixcontact	pc_worx	*	Yes
Application	phoenixcontact	pc_worx_express	*	Yes
Operating System	phoenixcontact	pc_worx_rt_basic_firmware	*	Yes
Hardware	phoenixcontact	pc_worx_rt_basic	-	No
Application	phoenixcontact	pc_worx_srt	*	Yes
Operating System	phoenixcontact	rfc_430_eth-ib_firmware	*	Yes
Hardware	phoenixcontact	rfc_430_eth-ib	-	No
Operating System	phoenixcontact	rfc_450_eth-ib_firmware	*	Yes
Hardware	phoenixcontact	rfc_450_eth-ib	-	No
Operating System	phoenixcontact	rfc_460r_pn_3tx_firmware	*	Yes
Hardware	phoenixcontact	rfc_460r_pn_3tx	-	No
Operating System	phoenixcontact	rfc_470s_pn_3tx_firmware	*	Yes
Hardware	phoenixcontact	rfc_470s_pn_3tx	-	No
Operating System	phoenixcontact	rfc_480s_pn_4tx_firmware	*	Yes
Hardware	phoenixcontact	rfc_480s_pn_4tx	-	No

References

https://cert.vde.com/en/advisories/VDE-2023-057/ Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2023-057/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)