Skip to main content
Security Advisory

Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK

Phoenix Contact has not released a patch to resolve this issue.

Risk Information

Limited Threat

CVE ID

CVE-2023-0757

CVE-2023-5592

Vunerability Type

Incorrect Permission Assignment for Critical Resource

Integrity check fails to identify out-of-band logic changes

CVSS3 Score

9.8

7.5

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affecting

  • MULTIPROG: All versions
  • ProConOS eCLR (SDK): All versions
  • Mitigation

    Phoenix Contact has not released a patch to resolve this issue.

    12/12/2023