CVE-2023-37862

CWE-862Missing Authorization3 documents3 sources
Severity
8.2HIGH
EPSS
0.3%
top 48.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Phoenix Contact WP 6070-wvpsPhoenix Contact WP 6101-wxpsPhoenix Contact WP 6121-wxps+9 more
Timeline
PublishedAug 9

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages12 packages

CVEListV5phoenix_contact/wp_6070-wvps< 4.0.10
CVEListV5phoenix_contact/wp_6101-wxps< 4.0.10
CVEListV5phoenix_contact/wp_6121-wxps< 4.0.10
CVEListV5phoenix_contact/wp_6156-whps< 4.0.10
CVEListV5phoenix_contact/wp_6185-whps< 4.0.10

🔴Vulnerability Details

2
CVEList
PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels2023-08-09
GHSA
GHSA-4xm8-vmfg-3fch: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 42023-08-09
CVE-2023-37862 (HIGH CVSS 8.2) | In PHOENIX CONTACTs WP 6xxx series | cvebase.io