CVE-2023-37856

CWE-6103 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 77.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

12

Phoenix Contact WP 6070-wvps Phoenix Contact WP 6101-wxps Phoenix Contact WP 6121-wxps +9 more

Timeline

PublishedAug 9

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages12 packages

▶CVEListV5phoenix_contact/wp_6070-wvps< 4.0.10

▶CVEListV5phoenix_contact/wp_6101-wxps< 4.0.10

▶CVEListV5phoenix_contact/wp_6121-wxps< 4.0.10

▶CVEListV5phoenix_contact/wp_6156-whps< 4.0.10

▶CVEListV5phoenix_contact/wp_6185-whps< 4.0.10

🔴Vulnerability Details

2

CVEList

PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels↗2023-08-09

▶

GHSA

GHSA-fqxx-3fhv-wcpr: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4↗2023-08-09

▶

CVE-2023-37856 (MEDIUM CVSS 4.3) | In PHOENIX CONTACTs WP 6xxx series | cvebase.io