Description
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
References (1)
Core 1
Core References
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-055/
Scores
CVSS v3
9.8
EPSS
0.0081
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (18)
phoenixcontact/automationworx_software_suite
phoenixcontact/axc_1050_firmware
phoenixcontact/axc_1050_xc_firmware
phoenixcontact/axc_3050_firmware
phoenixcontact/config\+
phoenixcontact/fc_350_pci_eth_firmware
phoenixcontact/ilc1x0_firmware
phoenixcontact/ilc1x1_firmware
phoenixcontact/ilc_3xx_firmware
phoenixcontact/pc_worx
... and 8 more
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026