Overview
- Description
- Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
- Source
- info@cert.vde.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- info@cert.vde.com
- CWE-732
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:multiprog:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42452860-CB53-479D-ADE1-E8166EC834C4"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:proconos_eclr:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9A422FD-2C4C-4B77-B619-6747474A3FA7"
}
],
"operator": "OR"
}
]
}
]