Free Webinar:

Incident responders TELL-ALL on May 16 with lessons learned from the frontlines of the OT cybersecurity battleground.

Register Now
Skip to main content
Security Advisory

Phoenix Contact: Automation Worx and classic line controllers

Incorrect Permission Assignment for Critical Resource

Risk Information

Limited Threat

CVE ID

CVE-2023-46141

Vunerability Type

Incorrect Permission Assignment for Critical Resource

CVSS3 Score

9.8

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affecting

  • Automation Worx Software Suite: All versions
  • AXC 1050 (2700988): All versions
  • AXC 1050 XC (2701295): All versions
  • AXC 3050 (2700989): All versions
  • Config+: all versions
  • FC 350 PCI ETH (2730844): All versions
  • ILC1x0: All versions
  • ILC1x1: All versions
  • ILC 3xx: All versions
  • PC Worx: All versions
  • PC Worx Express: All versions
  • PC WORX RT BASIC (2700291): All versions
  • PC WORX SRT (2701680): All versions
  • RFC 430 ETH-IB (2730190): All versions
  • RFC 450 ETH-IB: (2730200): All versions
  • RFC 460R PN 3TX (2700784): All versions
  • RFC 470S PN 3TX (2916794): All versions
  • RFC 480S PN 4TX (2404577): All versions

    • Mitigation

    Phoenix Contact has not released a patch to resolve this issue.

    12/12/2023