Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
The vulnerability results from improper assignment of permissions to critical resources (CWE-732). Due to misconfigured or insufficiently restrictive permissions on key system resources, an attacker can access them without requiring authentication. The attack is possible remotely over the network, without user interaction, and without any prerequisites on the attacker's side.
An attacker can gain full control over the vulnerable device, which includes reading and modifying configuration, manipulating control processes, and potentially disrupting or stopping the operation of industrial installation.
Apply patches available from the manufacturer according to references (https://cert.vde.com/en/advisories/VDE-2023-055/). Until updates are implemented, it is recommended to isolate vulnerable devices from the network, restrict access to them only from trusted hosts using a firewall, and avoid directly exposing devices to public networks.
Phoenix Contact Automation Worx Software Suite, Phoenix Contact AXC 1050 (Firmware), Phoenix Contact AXC 1050 XC (Firmware) — exact versions indicated in manufacturer references (CERT@VDE VDE-2023-055)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhoenixcontact Automationworx Software Suite
APPPhoenixcontactwszystkie wersjePhoenixcontact Axc 1050
HWPhoenixcontactwszystkie wersjePhoenixcontact Axc 1050 Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Axc 1050 Xc
HWPhoenixcontactwszystkie wersjePhoenixcontact Axc 1050 Xc Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Axc 3050
HWPhoenixcontactwszystkie wersjePhoenixcontact Axc 3050 Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Config\+
APPPhoenixcontactwszystkie wersjePhoenixcontact Fc 350 Pci Eth
HWPhoenixcontactwszystkie wersjePhoenixcontact Fc 350 Pci Eth Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Ilc1x0
HWPhoenixcontactwszystkie wersjePhoenixcontact Ilc1x0 Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Ilc1x1
HWPhoenixcontactwszystkie wersjePhoenixcontact Ilc1x1 Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Ilc 3xx
HWPhoenixcontactwszystkie wersjePhoenixcontact Ilc 3xx Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Pc Worx
APPPhoenixcontactwszystkie wersjePhoenixcontact Pc Worx Express
APPPhoenixcontactwszystkie wersjePhoenixcontact Pc Worx Rt Basic
HWPhoenixcontactwszystkie wersjePhoenixcontact Pc Worx Rt Basic Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Pc Worx Srt
APPPhoenixcontactwszystkie wersjePhoenixcontact Rfc 430 Eth Ib
HWPhoenixcontactwszystkie wersjePhoenixcontact Rfc 430 Eth Ib Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Rfc 450 Eth Ib
HWPhoenixcontactwszystkie wersjePhoenixcontact Rfc 450 Eth Ib Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Rfc 460r Pn 3tx
HWPhoenixcontactwszystkie wersjePhoenixcontact Rfc 460r Pn 3tx Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Rfc 470s Pn 3tx
HWPhoenixcontactwszystkie wersjePhoenixcontact Rfc 470s Pn 3tx Firmware
OSPhoenixcontactwszystkie wersjePhoenixcontact Rfc 480s Pn 4tx
HWPhoenixcontactwszystkie wersje
Related vulnerabilities
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in...
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sens...
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthen...
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended sco...
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could...