Vulnerability Description
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Energy Axc Pu | >= 01.00.00.00, <= 04.15.00.00 |
| Phoenixcontact | Infobox Firmware | >= 01.00.00.00, <= 02.02.00.00 |
| Phoenixcontact | Infobox | - |
| Phoenixcontact | Smartrtu Axc Sg Firmware | >= 01.00.00.00, <= 01.08.00.02 |
| Phoenixcontact | Smartrtu Axc Sg | - |
| Phoenixcontact | Smartrtu Axc Ig Firmware | >= 01.00.00.00, <= 01.02.00.01 |
| Phoenixcontact | Smartrtu Axc Ig | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-003/Not Applicable
- https://github.com/advisories/GHSA-w923-8w64-f5ghThird Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-003/Not Applicable
FAQ
What is CVE-2023-1109?
CVE-2023-1109 is a vulnerability with a CVSS score of 8.8 (HIGH). In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via ...
How severe is CVE-2023-1109?
CVE-2023-1109 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1109?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Energy Axc Pu, Phoenixcontact Infobox Firmware, Phoenixcontact Infobox, Phoenixcontact Smartrtu Axc Sg Firmware, Phoenixcontact Smartrtu Axc Sg.