CVE-2023-0757
CRITICALPHOENIX CONTACT MULTIPROG and ProConOS eCLR - Unauthenticated Arbitrary Code Upload
Title source: llmDescription
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
References (1)
Core 1
Core References
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-051/
Scores
CVSS v3
9.8
EPSS
0.0088
EPSS Percentile
54.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (2)
phoenixcontact/multiprog
phoenixcontact/proconos_eclr
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026