Lucene search
CERTVDECVE-2023-46141HistoryDec 14, 2023 - 2:15 p.m.
CVE-2023-46141
2023-12-1414:15:42
CWE-732
CERTVDE
web.nvd.nist.gov
17
cve-2023-46141
incorrect permission assignment
phoenix contact
classic line
security vulnerability
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
52.0%
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
Affected configurations
Node
phoenixcontactautomationworx_software_suite
Node
phoenixcontactaxc_1050Match-
phoenixcontactaxc_1050_firmware
Node
phoenixcontactaxc_1050_xcMatch-
phoenixcontactaxc_1050_xc_firmware
Node
phoenixcontactaxc_3050Match-
phoenixcontactaxc_3050_firmware
Node
phoenixcontactconfig\+
Node
phoenixcontactfc_350_pci_ethMatch-
phoenixcontactfc_350_pci_eth_firmware
Node
phoenixcontactilc1x0Match-
phoenixcontactilc1x0_firmware
Node
phoenixcontactilc1x1Match-
phoenixcontactilc1x1_firmware
Node
phoenixcontactilc_3xxMatch-
phoenixcontactilc_3xx_firmware
Node
phoenixcontactpc_worx
Node
phoenixcontactpc_worx_express
Node
phoenixcontactpc_worx_rt_basic_firmware
phoenixcontactpc_worx_rt_basicMatch-
Node
phoenixcontactpc_worx_srt
Node
phoenixcontactrfc_430_eth-ib_firmware
phoenixcontactrfc_430_eth-ibMatch-
Node
phoenixcontactrfc_450_eth-ib_firmware
phoenixcontactrfc_450_eth-ibMatch-
Node
phoenixcontactrfc_460r_pn_3tx_firmware
phoenixcontactrfc_460r_pn_3txMatch-
Node
phoenixcontactrfc_470s_pn_3tx_firmware
phoenixcontactrfc_470s_pn_3txMatch-
Node
phoenixcontactrfc_480s_pn_4tx_firmware
phoenixcontactrfc_480s_pn_4txMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phoenixcontact | automationworx_software_suite | * | cpe:2.3:a:phoenixcontact:automationworx_software_suite:*:*:*:*:*:*:*:* |
| phoenixcontact | axc_1050 | - | cpe:2.3:h:phoenixcontact:axc_1050:-:*:*:*:*:*:*:* |
| phoenixcontact | axc_1050_firmware | * | cpe:2.3:o:phoenixcontact:axc_1050_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | axc_1050_xc | - | cpe:2.3:h:phoenixcontact:axc_1050_xc:-:*:*:*:*:*:*:* |
| phoenixcontact | axc_1050_xc_firmware | * | cpe:2.3:o:phoenixcontact:axc_1050_xc_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | axc_3050 | - | cpe:2.3:h:phoenixcontact:axc_3050:-:*:*:*:*:*:*:* |
| phoenixcontact | axc_3050_firmware | * | cpe:2.3:o:phoenixcontact:axc_3050_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | config\+ | * | cpe:2.3:a:phoenixcontact:config\+:*:*:*:*:*:*:*:* |
| phoenixcontact | fc_350_pci_eth | - | cpe:2.3:h:phoenixcontact:fc_350_pci_eth:-:*:*:*:*:*:*:* |
| phoenixcontact | fc_350_pci_eth_firmware | * | cpe:2.3:o:phoenixcontact:fc_350_pci_eth_firmware:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Automation Worx Software Suite",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050 XC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FC 350 PCI ETH",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x0",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x1",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC 3xx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX RT BASIC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX SRT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 430 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 450 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 460R PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 470S PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 480S PN 4TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
]References
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
52.0%
Related for CVE-2023-46141