Vulnerabilities > CVE-2023-1109 - Unspecified vulnerability in Phoenixcontact products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

phoenixcontact

NVD

Published: 2023-04-17

Updated: 2023-04-26

Summary

In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.

Vulnerable Configurations

Part	Description	Count
Application	Phoenixcontact Phoenixcontact Energy AXC PU *	1
OS	Phoenixcontact Phoenixcontact Infobox Firmware * Phoenixcontact Smartrtu AXC SG Firmware * Phoenixcontact Smartrtu AXC IG Firmware *	3
Hardware	Phoenixcontact Phoenixcontact Infobox - Phoenixcontact Smartrtu AXC SG - Phoenixcontact Smartrtu AXC IG -	3

References

https://cert.vde.com/en/advisories/VDE-2023-003/
https://github.com/advisories/GHSA-w923-8w64-f5gh