CVE-2023-3569

CWE-776 — XML Entity Expansion (Billion Laughs)3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 55.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Cloud Client 1101t-tx/tx Phoenix Contact TC Cloud Client 1002-4g Phoenix Contact TC Cloud Client 1002-4g ATT +11 more

Timeline

PublishedAug 8

Description

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages14 packages

▶CVEListV5phoenix_contact/cloud_client_1101t-tx/tx< 2.06.10

▶NVDphoenixcontact/cloud_client_1101t-tx_firmware< 2.06.10

▶CVEListV5phoenix_contact/tc_cloud_client_1002-4g< 2.07.2

▶CVEListV5phoenix_contact/tc_cloud_client_1002-4g_att< 2.07.2

▶CVEListV5phoenix_contact/tc_cloud_client_1002-4g_vzw< 2.07.2

🔴Vulnerability Details

GHSA

GHSA-4322-9574-7cv6: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2↗2023-08-08

▶

CVEList

PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT↗2023-08-08

▶