Phoenixcontact Axc F 2152 Firmware vulnerabilities

CVE-2023-46142 [HIGH] CWE-732 CVE-2023-46142: A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

CVE-2023-46144 [MEDIUM] CWE-494 CVE-2023-46144: A download of code without integrity check vulnerability in PLCnext products allows an remote attack A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

CVE-2021-34570 [HIGH] CWE-20 CVE-2021-34570: Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a Do Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

CVE-2019-10998 [MEDIUM] CWE-287 CVE-2019-10998: An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.

CVE-2019-10997 [MEDIUM] CVE-2019-10997: An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.