Vulnerabilities > CVE-2023-1109 - Unspecified vulnerability in Phoenixcontact products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phoenixcontact

NVD

Published: 2023-04-17

Updated: 2024-11-21

Summary

In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.

Vulnerable Configurations

Part	Description	Count
Application	Phoenixcontact Phoenixcontact Energy AXC PU 01.00.00.00 Phoenixcontact Energy AXC PU 04.13.00.00 Phoenixcontact Energy AXC PU 04.14.00.00 Phoenixcontact Energy AXC PU 04.15.00.00	4
OS	Phoenixcontact Phoenixcontact Infobox Firmware 01.00.00.00 Phoenixcontact Infobox Firmware 02.02.00.00 Phoenixcontact Smartrtu AXC SG Firmware 01.00.00.00 Phoenixcontact Smartrtu AXC SG Firmware 01.08.00.02 Phoenixcontact Smartrtu AXC IG Firmware 01.00.00.00 Phoenixcontact Smartrtu AXC IG Firmware 01.02.00.01	6
Hardware	Phoenixcontact Phoenixcontact Infobox - Phoenixcontact Smartrtu AXC SG - Phoenixcontact Smartrtu AXC IG -	3

Summary

Vulnerable Configurations

References