CVE-2023-46142

HIGH

PLCnext - Privilege Escalation

Title source: llm

Description

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

References (1)

Core 1

Core References

Broken Link

https://https://cert.vde.com/en/advisories/VDE-2023-056/

Scores

CVSS v3 8.8

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (9)

phoenixcontact/axc_f_1152_firmware < 2024.0

phoenixcontact/axc_f_2152_firmware < 2024.0

phoenixcontact/axc_f_3152_firmware < 2024.0

phoenixcontact/bpc_9102s_firmware < 2024.0

phoenixcontact/epc_1502_firmware < 2024.0

phoenixcontact/epc_1522_firmware < 2024.0

phoenixcontact/plcnext_engineer < 2024.0

phoenixcontact/rfc_4072r_firmware < 2024.0

phoenixcontact/rfc_4072s_firmware < 2024.0

Published Dec 14, 2023

Tracked Since Feb 18, 2026