CRITICAL🇵🇱 Wersja polska

CVE-2023-46141

CVSS 9.8v3.1pub. 2023-12-14upd. 2024-11-21

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

🤖 AI Analysis
How it works

The vulnerability results from improper assignment of permissions to critical resources (CWE-732). Due to misconfigured or insufficiently restrictive permissions on key system resources, an attacker can access them without requiring authentication. The attack is possible remotely over the network, without user interaction, and without any prerequisites on the attacker's side.

Impact

An attacker can gain full control over the vulnerable device, which includes reading and modifying configuration, manipulating control processes, and potentially disrupting or stopping the operation of industrial installation.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://cert.vde.com/en/advisories/VDE-2023-055/). Until updates are implemented, it is recommended to isolate vulnerable devices from the network, restrict access to them only from trusted hosts using a firewall, and avoid directly exposing devices to public networks.

Who is affected

Phoenix Contact Automation Worx Software Suite, Phoenix Contact AXC 1050 (Firmware), Phoenix Contact AXC 1050 XC (Firmware) — exact versions indicated in manufacturer references (CERT@VDE VDE-2023-055)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phoenixcontact Automationworx Software Suite

    APP
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc 1050

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc 1050 Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc 1050 Xc

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc 1050 Xc Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc 3050

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc 3050 Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Config\+

    APP
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Fc 350 Pci Eth

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Fc 350 Pci Eth Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Ilc1x0

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Ilc1x0 Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Ilc1x1

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Ilc1x1 Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Ilc 3xx

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Ilc 3xx Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Pc Worx

    APP
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Pc Worx Express

    APP
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Pc Worx Rt Basic

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Pc Worx Rt Basic Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Pc Worx Srt

    APP
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 430 Eth Ib

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 430 Eth Ib Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 450 Eth Ib

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 450 Eth Ib Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 460r Pn 3tx

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 460r Pn 3tx Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 470s Pn 3tx

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 470s Pn 3tx Firmware

    OS
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 480s Pn 4tx

    HW
    Phoenixcontact
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-31800CRITICAL9.8ten sam produkt

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in...

CVE-2019-9201CRITICAL9.8ten sam produkt

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sens...

CVE-2023-46143HIGH7.5ten sam produkt

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthen...

CVE-2022-3737HIGH7.8ten sam produkt

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended sco...

CVE-2022-3461HIGH7.8ten sam produkt

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could...