CVE-2023-0757

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.8%
top 25.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Phoenix Contact MultiprogPhoenix Contact Proconos Eclr (sdk)
Timeline
PublishedDec 14

Description

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-j2r4-7r3h-j7m5: Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauth2023-12-14
CVEList
Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource2023-12-14
CVE-2023-0757 (CRITICAL CVSS 9.8) | Incorrect Permission Assignment for | cvebase.io