CVE-2023-3572
published 2023-08-08CVE-2023-3572: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST…
critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | wp_6070-wvps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6101-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6121-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6156-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6185-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6215-whps | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6070-wvps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6101-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6121-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6156-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6185-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6215-whps_firmware | < 4.0.10 | 4.0.10 |