CVE-2023-5592

HIGH

Phoenixcontact Multiprog - Download Without Integrity Check

Title source: rule

Description

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.

References (1)

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2023-054/

Scores

CVSS v3 7.5

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-494

Status published

Products (2)

phoenixcontact/multiprog

phoenixcontact/proconos_eclr

Published Dec 14, 2023

Tracked Since Feb 18, 2026