PLCnext Engineer
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46144 | 0.00 | — | 0.00 | Dec 14, 2023 | A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices. | |||
| CVE-2023-46142 | 0.00 | — | 0.01 | Dec 14, 2023 | A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. | |||
| CVE-2020-12499 | 0.00 | — | 0.00 | Jul 21, 2020 | In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. |
- CVE-2023-46144Dec 14, 2023risk 0.00cvss —epss 0.00
A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.
- CVE-2023-46142Dec 14, 2023risk 0.00cvss —epss 0.01
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
- CVE-2020-12499Jul 21, 2020risk 0.00cvss —epss 0.00
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.