Description
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-494
Status
published
Products (18)
phoenixcontact/automationworx_software_suite
phoenixcontact/axc_1050_firmware
phoenixcontact/axc_1050_xc_firmware
phoenixcontact/axc_3050_firmware
phoenixcontact/config\+
phoenixcontact/fc_350_pci_eth_firmware
phoenixcontact/ilc1x0_firmware
phoenixcontact/ilc1x1_firmware
phoenixcontact/ilc_3xx_firmware
phoenixcontact/pc_worx
... and 8 more
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026