CVE-2023-46142

Published Dec 14, 2023

Last updated a year ago

CVSS high 8.8

Overview

Description: A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

info@cert.vde.com: CWE-732

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C72F7B2-43D1-43CB-B611-B57487E9AE53",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EA16E9E-ADBB-4943-AE2D-7C49F882A809",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28DCF3B-C26E-44BE-BCA1-0AED56326FC3",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "346E85EB-8800-40C7-A7DA-EA587CF90F08"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A97B1250-2830-4EFC-9393-DF96E129E16D",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "85AF0A71-02C4-4CFF-A820-5C326F066024"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8E7E962-9BA0-418B-8A43-541C5278C9ED",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CBD531B6-09DA-4B4A-AA7C-C2A54B089C67"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3671BE8-A1DE-444E-9A24-5C86E4F0BBF1",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6A5C5E9-4F2C-44BC-8B64-29D25C789643",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65D9C540-F273-4EA8-8FF6-95DF46B01D89"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE1D89DD-1717-4E84-8A33-82AA29594E7D",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E633B5AB-BD27-461D-8083-20CC1C768D34",
            "versionEndIncluding": "2024.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References