CVE-2023-1109
Summary
| CVE | CVE-2023-1109 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-17 08:15:00 UTC |
| Updated | 2023-04-26 23:00:00 UTC |
| Description | In Phoenix Contact's ENERGY AXC PU Web service, an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Phoenixcontact | Energy Axc Pu | All | All | All | All |
| Hardware | Phoenixcontact | Infobox | - | All | All | All |
| Operating System | Phoenixcontact | Infobox Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Smartrtu Axc Ig | - | All | All | All |
| Operating System | Phoenixcontact | Smartrtu Axc Ig Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Smartrtu Axc Sg | - | All | All | All |
| Operating System | Phoenixcontact | Smartrtu Axc Sg Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| In Phoenix Contacts ENERGY AXC PU Web service an... · CVE-2023-1109 · GitHub Advisory Database · GitHub | MISC | github.com | Third Party Advisory |
| VDE-2023-003 \| CERT@VDE | MISC | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.