CVE-2023-5592
HIGHPHOENIX CONTACT MULTIPROG and ProConOS eCLR - Unauthenticated Code Download Without Integrity Check
Title source: llmDescription
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.
References (1)
Core 1
Core References
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-054/
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
24.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-494
Status
published
Products (2)
phoenixcontact/multiprog
phoenixcontact/proconos_eclr
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026