CVE-2023-46143
HIGHPHOENIX CONTACT Classic Line PLCs - Unauthenticated Application Modification
Title source: manualDescription
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.
References (1)
Core 1
Core References
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-057/
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
24.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-494
Status
published
Products (18)
phoenixcontact/automationworx_software_suite
phoenixcontact/axc_1050_firmware
phoenixcontact/axc_1050_xc_firmware
phoenixcontact/axc_3050_firmware
phoenixcontact/config\+
phoenixcontact/fc_350_pci_eth_firmware
phoenixcontact/ilc1x0_firmware
phoenixcontact/ilc1x1_firmware
phoenixcontact/ilc_3xx_firmware
phoenixcontact/pc_worx
... and 8 more
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026