Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource
CVE-2023-46141

9.8CRITICAL

Key Information:

Vendor
PHOENIX CONTACT
Status
Automation Worx Software Suite
AXC 1050
AXC 1050 XC
AXC 3050
Vendor
CVE Published:
14 December 2023

Summary

The vulnerability in multiple products of the PHOENIX CONTACT classic line allows an unauthenticated remote attacker to exploit incorrect permission assignments, granting full access to critical resources on the affected device. This exposure could lead to significant security breaches if not addressed promptly.

Affected Version(s)

Automation Worx Software Suite all

AXC 1050 all

AXC 1050 XC all

References

https://cert.vde.com/en/advisories/VDE-2023-055/

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Reid Wightman of Dragos, Inc.
.
CVE-2023-46141 : Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource | SecurityVulnerability.io