CVE-2023-46141 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERTVDE	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Affected Products (NVD)

Vendor	Product	Version
phoenixcontact	automationworx_software_suite	*
phoenixcontact	axc_1050_firmware	*
phoenixcontact	axc_1050_xc_firmware	*
phoenixcontact	axc_3050_firmware	*
phoenixcontact	config\+	*
phoenixcontact	fc_350_pci_eth_firmware	*
phoenixcontact	ilc1x0_firmware	*
phoenixcontact	ilc1x1_firmware	*
phoenixcontact	ilc_3xx_firmware	*
phoenixcontact	pc_worx	*
phoenixcontact	pc_worx_express	*
phoenixcontact	pc_worx_rt_basic_firmware	*
phoenixcontact	pc_worx_srt	*
phoenixcontact	rfc_430_eth-ib_firmware	*
phoenixcontact	rfc_450_eth-ib_firmware	*
phoenixcontact	rfc_460r_pn_3tx_firmware	*
phoenixcontact	rfc_470s_pn_3tx_firmware	*
phoenixcontact	rfc_480s_pn_4tx_firmware	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://cert.vde.com/en/advisories/VDE-2023-055/

https://cert.vde.com/en/advisories/VDE-2023-055/