CVE-2023-0757

Published Dec 14, 2023

Last updated 6 months ago

CVSS critical 9.8

Overview

Description: Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
Source: info@cert.vde.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

info@cert.vde.com: CWE-732

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:multiprog:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42452860-CB53-479D-ADE1-E8166EC834C4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:proconos_eclr:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9A422FD-2C4C-4B77-B619-6747474A3FA7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References