CVE-2023-3526
published 2023-08-08
critical 9.6 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | cloud_client_1101t-tx_tx | < 2.06.10 | 2.06.10 |
| phoenix_contact | tc_cloud_client_1002-4g | < 2.07.2 | 2.07.2 |
| phoenix_contact | tc_cloud_client_1002-4g_att | < 2.07.2 | 2.07.2 |
| phoenix_contact | tc_cloud_client_1002-4g_vzw | < 2.07.2 | 2.07.2 |
| phoenix_contact | tc_router_3002t-4g | < 2.07.2 | 2.07.2 |
| phoenix_contact | tc_router_3002t-4g_att | < 2.07.2 | 2.07.2 |
| phoenix_contact | tc_router_3002t-4g_vzw | < 2.07.2 | 2.07.2 |
| phoenixcontact | cloud_client_1101t-tx_firmware | < 2.06.10 | 2.06.10 |
| phoenixcontact | tc_cloud_client_1002-4g_att_firmware | < 2.07.2 | 2.07.2 |
| phoenixcontact | tc_cloud_client_1002-4g_firmware | < 2.07.2 | 2.07.2 |
| phoenixcontact | tc_cloud_client_1002-4g_vzw_firmware | < 2.07.2 | 2.07.2 |
| phoenixcontact | tc_router_3002t-4g_att_firmware | < 2.07.2 | 2.07.2 |
| phoenixcontact | tc_router_3002t-4g_firmware | < 2.07.2 | 2.07.2 |
| phoenixcontact | tc_router_3002t-4g_vzw_firmware | < 2.07.2 | 2.07.2 |