Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check
CVE-2023-5592

7.5HIGH

Key Information:

Vendor: PHOENIX CONTACT
Status: MULTIPROG; ProConOS eCLR (SDK)
Vendor: CVE Published:; 14 December 2023

🔔 Create PHOENIX CONTACT Vulnerability Alert

What is CVE-2023-5592?

The vulnerability in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) allows unauthenticated remote attackers to download and execute applications on affected devices without performing essential integrity checks. This could lead to unauthorized manipulation of device functionality and an overall compromise of the device integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MULTIPROG all

ProConOS eCLR (SDK) all

References

https://cert.vde.com/en/advisories/VDE-2023-054/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Oct 16, 2023

Credit

Reid Wightman of Dragos, Inc.

JSON

PHOENIX CONTACT

What is CVE-2023-5592?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.