CVE-2023-46144

MEDIUM

PLCnext - Info Disclosure

Title source: llm

Description

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

References (1)

Core 1

Core References

Broken Link

https://https://cert.vde.com/en/advisories/VDE-2023-056/

Scores

CVSS v3 6.5

EPSS 0.0031

EPSS Percentile 22.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-494

Status published

Products (9)

phoenixcontact/axc_f_1152_firmware < 2024.0

phoenixcontact/axc_f_2152_firmware < 2024.0

phoenixcontact/axc_f_3152_firmware < 2024.0

phoenixcontact/bpc_9102s_firmware < 2024.0

phoenixcontact/epc_1502_firmware < 2024.0

phoenixcontact/epc_1522_firmware < 2024.0

phoenixcontact/plcnext_engineer < 2024.0

phoenixcontact/rfc_4072r_firmware < 2024.0

phoenixcontact/rfc_4072s_firmware < 2024.0

Published Dec 14, 2023

Tracked Since Feb 18, 2026