Vulnerabilities > CVE-2023-37857 - Unspecified vulnerability in Phoenixcontact products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

phoenixcontact

NVD

Published: 2023-08-09

Updated: 2024-11-21

Summary

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact WP 6070 Wvps Firmware * Phoenixcontact WP 6101 Wxps Firmware * Phoenixcontact WP 6121 Wxps Firmware * Phoenixcontact WP 6156 Whps Firmware * Phoenixcontact WP 6185 Whps Firmware * Phoenixcontact WP 6215 Whps Firmware *	6
Hardware	Phoenixcontact Phoenixcontact WP 6070 Wvps - Phoenixcontact WP 6101 Wxps - Phoenixcontact WP 6121 Wxps - Phoenixcontact WP 6156 Whps - Phoenixcontact WP 6185 Whps - Phoenixcontact WP 6215 Whps -	6

Summary

Vulnerable Configurations

References