Phoenixcontact Plcnext Engineer vulnerabilities

CVE-2023-46142 [HIGH] CWE-732 CVE-2023-46142: A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

CVE-2023-46144 [MEDIUM] CWE-494 CVE-2023-46144: A download of code without integrity check vulnerability in PLCnext products allows an remote attack A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

CVE-2023-3935 [CRITICAL] CWE-787 CVE-2023-3935: A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b a A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVE-2020-12499 [HIGH] CWE-22 CVE-2020-12499: In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnera In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.