CVE-2023-46144

CWE-4943 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 85.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact AXC F 1152 Phoenix Contact AXC F 2152 Phoenix Contact AXC F 3152 +15 more

Timeline

PublishedDec 14

Description

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages18 packages

▶NVDphoenixcontact/plcnext_engineer2024.0

▶CVEListV5phoenix_contact/plcnext_engineer2024.0

▶CVEListV5phoenix_contact/epc_15022024.0

▶CVEListV5phoenix_contact/epc_15222024.0

▶CVEListV5phoenix_contact/bpc_9102s2024.0

🔴Vulnerability Details

GHSA

GHSA-hqgv-wx4f-4hmj: A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on↗2023-12-14

▶

CVEList

PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check↗2023-12-14

▶