Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check
CVE-2023-5592

7.5HIGH

Key Information:

Vendor: PHOENIX CONTACT
Status: MULTIPROG; ProConOS eCLR (SDK)
Vendor: CVE Published:; 14 December 2023

Summary

The vulnerability in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) allows unauthenticated remote attackers to download and execute applications on affected devices without performing essential integrity checks. This could lead to unauthorized manipulation of device functionality and an overall compromise of the device integrity.

Affected Version(s)

MULTIPROG all

ProConOS eCLR (SDK) all

References

https://cert.vde.com/en/advisories/VDE-2023-054/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Oct 16, 2023

Credit

Reid Wightman of Dragos, Inc.