VDE-2022-046 — Vulnetix

VDE-2022-046 PUBLISHED CVSS 6.5 MEDIUM

UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
	Firmware <2022.0.8 LTS
	AXC F 2152
	Firmware <2022.0.7 LTS
	AXC F 3152
	Firmware V04.14.00.00
	Firmware 2022.0.8 LTS
	EPC 1522
	EPC 1502
	Firmware <V01.09.00.00
	ENERGY AXC PU
	Firmware V01.09.00.00
	SMARTRTU AXC SG
	Firmware 2022.0.7 LTS
	BPC 9102S
	AXC F 1152
	Firmware <V04.14.00.00
	RFC 4072S

Timeline

Nov 10, 2022 CVE Published
May 22, 2025 CVE Updated

References

https://phoenixcontact.com/psirt url
https://certvde.com/en/advisories/vendor/phoenixcontact/ url
https://certvde.com/en/advisories/VDE-2022-046/ advisory
https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-046.json advisory

Open in Interactive Console →