CVE-2023-0757
CRITICALPhoenixcontact Multiprog - Incorrect Permission Assignment
Title source: ruleDescription
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
References (1)
Core 1
Core References
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-051/
Scores
CVSS v3
9.8
EPSS
0.0081
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (2)
phoenixcontact/multiprog
phoenixcontact/proconos_eclr
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026