CVE-2023-5592 - OpenCVE

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact	Multiprog Proconos Eclr

Configuration 1 [-]

cpe:2.3:a:phoenixcontact:multiprog:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:phoenixcontact:proconos_eclr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2023-054/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-12-14T14:04:41.083Z

Updated: 2024-08-02T08:07:31.902Z

Reserved: 2023-10-16T05:31:39.868Z

Link: CVE-2023-5592

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-14T14:15:45.427

Modified: 2023-12-21T17:16:30.290

Link: CVE-2023-5592

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5592", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-10-16T05:31:39.868Z", "datePublished": "2023-12-14T14:04:41.083Z", "dateUpdated": "2024-08-02T08:07:31.902Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MULTIPROG", "vendor": "PHOENIX CONTACT", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "unaffected", "product": "ProConOS eCLR (SDK)", "vendor": "PHOENIX CONTACT", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos, Inc."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity."}], "value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-12-14T14:04:41.083Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-054/"}], "source": {"advisory": "VDE-2023-051", "defect": ["CERT@VDE#64360"], "discovery": "EXTERNAL"}, "title": "Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:31.902Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-054/", "tags": ["x_transferred"]}]}]}}