1. Home
  2. CVE Database
  3. CVE-2023-46143
HIGH · 7.5

CVE-2023-46143

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

Vulnerability Description

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
PhoenixcontactAutomationworx Software SuiteAll versions
PhoenixcontactAxc 1050 FirmwareAll versions
PhoenixcontactAxc 1050-
PhoenixcontactAxc 1050 Xc FirmwareAll versions
PhoenixcontactAxc 1050 Xc-
PhoenixcontactAxc 3050 FirmwareAll versions
PhoenixcontactAxc 3050-
PhoenixcontactConfig\+All versions
PhoenixcontactFc 350 Pci Eth FirmwareAll versions
PhoenixcontactFc 350 Pci Eth-
PhoenixcontactIlc1X0 FirmwareAll versions
PhoenixcontactIlc1X0-
PhoenixcontactIlc1X1 FirmwareAll versions
PhoenixcontactIlc1X1-
PhoenixcontactIlc 3Xx FirmwareAll versions
PhoenixcontactIlc 3Xx-
PhoenixcontactPc WorxAll versions
PhoenixcontactPc Worx ExpressAll versions
PhoenixcontactPc Worx Rt Basic FirmwareAll versions
PhoenixcontactPc Worx Rt Basic-

Related Weaknesses (CWE)

CWE-494

References

FAQ

What is CVE-2023-46143?

CVE-2023-46143 is a vulnerability with a CVSS score of 7.5 (HIGH). Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

How severe is CVE-2023-46143?

CVE-2023-46143 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-46143?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Automationworx Software Suite, Phoenixcontact Axc 1050 Firmware, Phoenixcontact Axc 1050, Phoenixcontact Axc 1050 Xc Firmware, Phoenixcontact Axc 1050 Xc.