Security Advisory
Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK
Phoenix Contact has not released a patch to resolve this issue.
Risk Information
Limited Threat
CVE ID
CVE-2023-0757
CVE-2023-5592
Vunerability Type
Incorrect Permission Assignment for Critical Resource
Integrity check fails to identify out-of-band logic changes
CVSS3 Score
9.8
7.5
CVSSv3 Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affecting
Mitigation
Phoenix Contact has not released a patch to resolve this issue.
12/12/2023