CVE-2023-3570
published 2023-08-08CVE-2023-3570: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | wp_6070-wvps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6101-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6121-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6156-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6185-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6215-whps | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6070-wvps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6101-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6121-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6156-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6185-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6215-whps_firmware | < 4.0.10 | 4.0.10 |