CVE-2023-37857
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD
Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.0.10 |
| Running on/with | Platform Versions |
|---|---|
Phoenixcontact Wp 6070 Wvps | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.0.10 |
| Running on/with | Platform Versions |
|---|---|
Phoenixcontact Wp 6101 Wxps | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.0.10 |
| Running on/with | Platform Versions |
|---|---|
Phoenixcontact Wp 6121 Wxps | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.0.10 |
| Running on/with | Platform Versions |
|---|---|
Phoenixcontact Wp 6156 Whps | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.0.10 |
| Running on/with | Platform Versions |
|---|---|
Phoenixcontact Wp 6185 Whps | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.0.10 |
| Running on/with | Platform Versions |
|---|---|
Phoenixcontact Wp 6215 Whps | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.