CVE-2023-46141

Published Dec 14, 2023
Last updated 6 months ago
CVSS critical 9.8
Overview

Description: Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
Source: info@cert.vde.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
Weaknesses

info@cert.vde.com: CWE-732
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:automationworx_software_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9797B615-825F-4CAA-B36E-5161E37FAF9A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:axc_1050_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0D586DC-2274-4A32-AE98-7BE174C230CC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:axc_1050:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F55C821-DAA6-4098-BB54-80F6D9ED0CD6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:axc_1050_xc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "332A6164-CDC1-4DBF-9B62-946EC7D7C4B3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:axc_1050_xc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E03B5234-36FA-4BCE-964D-F55FFFD5CAAC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:axc_3050_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84066F7B-8306-4743-9F12-75B8F880AD93"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:axc_3050:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB9699A2-782D-40F3-B8D6-3C315104BA60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:config\\+:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6D8FDB6-6181-49EB-BE6D-236D39A478A1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:fc_350_pci_eth_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEB7CA5B-7EEF-4E0E-9A53-83FE28730852"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:fc_350_pci_eth:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4BB6654-41BB-488E-AC8C-E74C05CA198F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:ilc1x0_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AC07A81-D5D6-449C-93F8-93D6E87487DD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:ilc1x0:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE45F6AF-7286-48F7-B4BE-AFC948884C7C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:ilc1x1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E168AB1-1B81-4990-95E4-56C36275609B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:ilc1x1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E318A8B-D1D1-4DD5-AF71-DCBFEFCF2C5E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:ilc_3xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65E1A201-E7B1-452B-8BC6-A355A3BF9460"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:ilc_3xx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF1C58A6-5220-4509-B426-D1ED5ECFAD05"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:pc_worx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B975C4E4-83B5-4C98-811B-E6D13687AB85"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:pc_worx_express:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE663FFA-4B82-4477-A424-4C9CC83C131E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:pc_worx_rt_basic_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8693B231-3A5C-47B7-BEA5-53D430BBACF4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:pc_worx_rt_basic:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "08B214FC-776F-454B-8DC4-E7F2E6EFB013"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phoenixcontact:pc_worx_srt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2A6F462-A12F-4E08-9AA6-1C1AF743A645"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_430_eth-ib_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "643E47A5-E7AA-4321-99A1-05EEBD9A2B56"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_430_eth-ib:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1F32F262-519C-41BB-BF31-ECBCAC1ABEA9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_450_eth-ib_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A91E019B-F0C5-4DF0-AE4C-E60F3D598F0C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_450_eth-ib:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C3C2EDF4-2982-4858-A960-7E7564E5B20A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_460r_pn_3tx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "302995A9-E9CC-4477-B374-CE10F16A5E10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_460r_pn_3tx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7544E2C-2E63-4C36-AB64-764B4393E377"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_470s_pn_3tx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCAB2CA6-EEC4-4E0D-B962-FC2C4EF06013"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_470s_pn_3tx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD94CBFF-CC25-4122-96FE-2308A4D1659D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenixcontact:rfc_480s_pn_4tx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B383246-EF0A-466F-89EA-F61AFC447509"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenixcontact:rfc_480s_pn_4tx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B043176-58CC-438C-92D9-99F479BB1C58"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
