{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46144", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-10-17T07:04:03.577Z", "datePublished": "2023-12-14T14:08:07.244Z", "dateUpdated": "2024-10-01T06:18:18.730Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXC F 1152", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "AXC F 2152", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "AXC F 3152", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "BPC 9102S", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "EPC 1502", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "EPC 1522", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PLCnext Engineer", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "RFC 4072R", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "RFC 4072S", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "2024.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos, Inc."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."}], "value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494: Download of Code Without Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2024-10-01T06:18:18.730Z"}, "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"}], "source": {"advisory": "VDE-2023-058", "defect": ["CERT@VDE#64611"], "discovery": "EXTERNAL"}, "title": "PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:39.934Z"}, "title": "CVE Program Container", "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_1152_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F7B2-43D1-43CB-B611-B57487E9AE53", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2474BD7-C447-4E07-A628-C729E376943D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_2152_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EA16E9E-ADBB-4943-AE2D-7C49F882A809", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE2E6118-6587-444A-A143-9C3A1E6ED4FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:axc_f_3152_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E28DCF3B-C26E-44BE-BCA1-0AED56326FC3", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*", "matchCriteriaId": "57424998-4EAB-4682-BFC4-1D2A621514F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:bpc_9102s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97B1250-2830-4EFC-9393-DF96E129E16D", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:bpc_9102s:-:*:*:*:*:*:*:*", "matchCriteriaId": "346E85EB-8800-40C7-A7DA-EA587CF90F08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:epc_1502_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8E7E962-9BA0-418B-8A43-541C5278C9ED", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:epc_1502:-:*:*:*:*:*:*:*", "matchCriteriaId": "85AF0A71-02C4-4CFF-A820-5C326F066024", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:epc_1522_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3671BE8-A1DE-444E-9A24-5C86E4F0BBF1", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:epc_1522:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBD531B6-09DA-4B4A-AA7C-C2A54B089C67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A5C5E9-4F2C-44BC-8B64-29D25C789643", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE1D89DD-1717-4E84-8A33-82AA29594E7D", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072r:-:*:*:*:*:*:*:*", "matchCriteriaId": "65D9C540-F273-4EA8-8FF6-95DF46B01D89", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:rfc_4072s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E633B5AB-BD27-461D-8083-20CC1C768D34", "versionEndIncluding": "2024.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BF1EAD1-7C19-4A6E-BF87-EF3F7E526BD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices."}, {"lang": "es", "value": "Una descarga de c\u00f3digo sin vulnerabilidad de verificaci\u00f3n de integridad en los productos PLCnext permite que un atacante remoto con privilegios bajos comprometa la integridad de la estaci\u00f3n de ingenier\u00eda afectada y los dispositivos conectados."}], "id": "CVE-2023-46144", "lastModified": "2024-11-21T08:27:58.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-12-14T14:15:43.447", "references": [{"source": "info@cert.vde.com", "tags": ["Broken Link"], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}