CVE-2023-46141 — Incorrect Permission Assignment in Contact Automation Worx Software Suite

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Automation Worx Software Suite Phoenix Contact AXC 1050 Phoenix Contact AXC 1050 XC +15 more

Timeline

PublishedDec 14

Description

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages18 packages

▶CVEListV5phoenix_contact/configall

▶CVEListV5phoenix_contact/ilc1x0all

▶CVEListV5phoenix_contact/ilc1x1all

▶CVEListV5phoenix_contact/ilc_3xxall

▶CVEListV5phoenix_contact/pc_worxall

🔴Vulnerability Details

GHSA

GHSA-c4vw-934c-jc76: Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthent↗2023-12-14

▶

CVEList

Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource↗2023-12-14

▶