CVE-2023-46144
published 2023-12-14CVE-2023-46144: A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | axc_f_1152 | <= 2024.0 | — |
| phoenix_contact | axc_f_2152 | <= 2024.0 | — |
| phoenix_contact | axc_f_3152 | <= 2024.0 | — |
| phoenix_contact | bpc_9102s | <= 2024.0 | — |
| phoenix_contact | epc_1502 | <= 2024.0 | — |
| phoenix_contact | epc_1522 | <= 2024.0 | — |
| phoenix_contact | plcnext_engineer | <= 2024.0 | — |
| phoenix_contact | rfc_4072r | <= 2024.0 | — |
| phoenix_contact | rfc_4072s | <= 2024.0 | — |
| phoenixcontact | axc_f_1152_firmware | <= 2024.0 | — |
| phoenixcontact | axc_f_2152_firmware | <= 2024.0 | — |
| phoenixcontact | axc_f_3152_firmware | <= 2024.0 | — |
| phoenixcontact | bpc_9102s_firmware | <= 2024.0 | — |
| phoenixcontact | epc_1502_firmware | <= 2024.0 | — |
| phoenixcontact | epc_1522_firmware | <= 2024.0 | — |
| phoenixcontact | plcnext_engineer | <= 2024.0 | — |
| phoenixcontact | rfc_4072r_firmware | <= 2024.0 | — |
| phoenixcontact | rfc_4072s_firmware | <= 2024.0 | — |