CVE-2023-1109
Last modified
CVE-2023-1109 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.. EPSS estimates a 0.76% chance of exploitation in the next 30 days.
Description
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Energy Axc Pu | >= 01.00.00.00, <= 04.15.00.00 |
| Phoenixcontact | Infobox Firmware | >= 01.00.00.00, <= 02.02.00.00 |
| Phoenixcontact | Smartrtu Axc Sg Firmware | >= 01.00.00.00, <= 01.08.00.02 |
| Phoenixcontact | Smartrtu Axc Ig Firmware | >= 01.00.00.00, <= 01.02.00.01 |
References
- https://cert.vde.com/en/advisories/VDE-2023-003/Not Applicable
- https://github.com/advisories/GHSA-w923-8w64-f5ghThird Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-003/Not Applicable
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-1109?
How severe is CVE-2023-1109?
How do I fix CVE-2023-1109?
Are you affected by CVE-2023-1109?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST