VDE-2023-016 — Vulnetix

VDE-2023-016 PUBLISHED CVSS 8.800000190734863 HIGH

Several vulnerabilities have been discovered in the LibGit2Sharp or underlying LibGit2 library.This open-source component is widely used in a lot of products worldwide.The product is vulnerable to remote code execution, privilege escalation and tampering.PLCnext Engineer is using the LibGit2Sharp library to provide version control capabilities.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	PLCnext Engineer <=2023.3
	PLCnext Engineer 2023.6.

Timeline

Aug 8, 2023 CVE Published
May 22, 2025 CVE Updated

References

https://certvde.com/en/advisories/VDE-2023-016/ advisory
https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-016.json advisory
https://phoenixcontact.com/psirt url
https://certvde.com/en/advisories/vendor/phoenixcontact/ url

Open in Interactive Console →