Vulnerability Description
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Axc F 1152 Firmware | <= 2024.0 |
| Phoenixcontact | Axc F 1152 | - |
| Phoenixcontact | Axc F 2152 Firmware | <= 2024.0 |
| Phoenixcontact | Axc F 2152 | - |
| Phoenixcontact | Axc F 3152 Firmware | <= 2024.0 |
| Phoenixcontact | Axc F 3152 | - |
| Phoenixcontact | Bpc 9102S Firmware | <= 2024.0 |
| Phoenixcontact | Bpc 9102S | - |
| Phoenixcontact | Epc 1502 Firmware | <= 2024.0 |
| Phoenixcontact | Epc 1502 | - |
| Phoenixcontact | Epc 1522 Firmware | <= 2024.0 |
| Phoenixcontact | Epc 1522 | - |
| Phoenixcontact | Plcnext Engineer | <= 2024.0 |
| Phoenixcontact | Rfc 4072R Firmware | <= 2024.0 |
| Phoenixcontact | Rfc 4072R | - |
| Phoenixcontact | Rfc 4072S Firmware | <= 2024.0 |
| Phoenixcontact | Rfc 4072S | - |
Related Weaknesses (CWE)
References
- https://https://cert.vde.com/en/advisories/VDE-2023-056/Broken Link
- https://https://cert.vde.com/en/advisories/VDE-2023-056/Broken Link
FAQ
What is CVE-2023-46144?
CVE-2023-46144 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected...
How severe is CVE-2023-46144?
CVE-2023-46144 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46144?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Axc F 1152 Firmware, Phoenixcontact Axc F 1152, Phoenixcontact Axc F 2152 Firmware, Phoenixcontact Axc F 2152, Phoenixcontact Axc F 3152 Firmware.