CVE-2023-46144

MEDIUM

PLCnext - Info Disclosure

Title source: llm

Description

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

References (1)

[Broken Link] https://https://cert.vde.com/en/advisories/VDE-2023-056/

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 14.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-494

Status published

Products (9)

phoenixcontact/axc_f_1152_firmware < 2024.0

phoenixcontact/axc_f_2152_firmware < 2024.0

phoenixcontact/axc_f_3152_firmware < 2024.0

phoenixcontact/bpc_9102s_firmware < 2024.0

phoenixcontact/epc_1502_firmware < 2024.0

phoenixcontact/epc_1522_firmware < 2024.0

phoenixcontact/plcnext_engineer < 2024.0

phoenixcontact/rfc_4072r_firmware < 2024.0

phoenixcontact/rfc_4072s_firmware < 2024.0

Published Dec 14, 2023

Tracked Since Feb 18, 2026