Security Advisory

Phoenix Contact: Automation Worx and classic line controllers

Incorrect Permission Assignment for Critical Resource

Risk Information

Limited Threat

CVE ID

CVE-2023-46141

Vunerability Type

Incorrect Permission Assignment for Critical Resource

CVSS3 Score

9.8

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Automation Worx Software Suite: All versions

AXC 1050 (2700988): All versions

AXC 1050 XC (2701295): All versions

AXC 3050 (2700989): All versions

Config+: all versions

FC 350 PCI ETH (2730844): All versions

ILC1x0: All versions

ILC1x1: All versions

ILC 3xx: All versions

PC Worx: All versions

PC Worx Express: All versions

PC WORX RT BASIC (2700291): All versions

PC WORX SRT (2701680): All versions

RFC 430 ETH-IB (2730190): All versions

RFC 450 ETH-IB: (2730200): All versions

RFC 460R PN 3TX (2700784): All versions

RFC 470S PN 3TX (2916794): All versions

RFC 480S PN 4TX (2404577): All versions

Phoenix Contact has not released a patch to resolve this issue.

12/12/2023