CERTVDECVE-2023-5592CVE-2023-5592
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
36.3%
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phoenixcontact | multiprog | * | cpe:2.3:a:phoenixcontact:multiprog:*:*:*:*:*:*:*:* |
| phoenixcontact | proconos_eclr | * | cpe:2.3:a:phoenixcontact:proconos_eclr:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MULTIPROG",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProConOS eCLR (SDK)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
]References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
36.3%