Vulnerabilities > CVE-2023-1109 - Unspecified vulnerability in Phoenixcontact products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

phoenixcontact

NVD

Published: 2023-04-17

Updated: 2023-04-26

Summary

In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.

Vulnerable Configurations

Part	Description	Count
Application	Phoenixcontact Phoenixcontact Energy AXC PU 01.00.00.00 Phoenixcontact Energy AXC PU 04.13.00.00 Phoenixcontact Energy AXC PU 04.14.00.00 Phoenixcontact Energy AXC PU 04.15.00.00	4
OS	Phoenixcontact Phoenixcontact Infobox Firmware 01.00.00.00 Phoenixcontact Infobox Firmware 02.02.00.00 Phoenixcontact Smartrtu AXC SG Firmware 01.00.00.00 Phoenixcontact Smartrtu AXC SG Firmware 01.08.00.02 Phoenixcontact Smartrtu AXC IG Firmware 01.00.00.00 Phoenixcontact Smartrtu AXC IG Firmware 01.02.00.01	6
Hardware	Phoenixcontact Phoenixcontact Infobox - Phoenixcontact Smartrtu AXC SG - Phoenixcontact Smartrtu AXC IG -	3

Summary

Vulnerable Configurations

References