How severe is CVE-2023-46144?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-46144?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2023-46144

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-494

View all →

Vulnerability Description

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

CVE-2021-41714

MEDIUM

CVSS:6.5(Medium)

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, la...

CWE-4942021

CVE-2022-31324

MEDIUM

CVSS:6.5(Medium)

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST req...

CWE-4942022

CVE-2022-37908

MEDIUM

CVSS:6.5(Medium)

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.

CWE-4942022

CVE-2022-4261

MEDIUM

CVSS:6.5(Medium)

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the...

CWE-4942022