Vulnerabilities > CVE-2023-3569 - XML Entity Expansion vulnerability in Phoenixcontact products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

phoenixcontact

CWE-776

NVD

Published: 2023-08-08

Updated: 2023-08-14

Summary

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact Cloud Client 1101T TX Firmware * Phoenixcontact TC Cloud Client 1002 4G ATT Firmware * Phoenixcontact TC Cloud Client 1002 4G Firmware 2.03.17 Phoenixcontact TC Cloud Client 1002 4G VZW Firmware * Phoenixcontact TC Router 3002T 4G ATT Firmware 2.05.3 Phoenixcontact TC Router 3002T 4G Firmware 2.05.3 Phoenixcontact TC Router 3002T 4G VZW Firmware 2.05.3	7
Hardware	Phoenixcontact Phoenixcontact Cloud Client 1101T TX - Phoenixcontact TC Cloud Client 1002 4G ATT - Phoenixcontact TC Cloud Client 1002 4G - Phoenixcontact TC Cloud Client 1002 4G VZW - Phoenixcontact TC Router 3002T 4G ATT - Phoenixcontact TC Router 3002T 4G - Phoenixcontact TC Router 3002T 4G VZW -	7

Common Weakness Enumeration (CWE)

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References