CVE-2023-46144 MEDIUM

CVE-2023-46144: PHOENIX CONTACT: PLCnext Control prone to download of code without integrity check

Vendor Phoenix Contact
Product AXC F 1152
Weakness CWE-494 · Download without integrity check
Published December 14, 2023
Last update October 1, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

Key dates

02Disclosure timeline

December 14, 2023 CVE published
October 1, 2024 Record updated