Vulnerabilities > CVE-2023-37858 - Unspecified vulnerability in Phoenixcontact products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2023-08-09

Updated: 2024-11-21

Summary

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact WP 6070 Wvps Firmware * Phoenixcontact WP 6101 Wxps Firmware * Phoenixcontact WP 6121 Wxps Firmware * Phoenixcontact WP 6156 Whps Firmware * Phoenixcontact WP 6185 Whps Firmware * Phoenixcontact WP 6215 Whps Firmware *	6
Hardware	Phoenixcontact Phoenixcontact WP 6070 Wvps - Phoenixcontact WP 6101 Wxps - Phoenixcontact WP 6121 Wxps - Phoenixcontact WP 6156 Whps - Phoenixcontact WP 6185 Whps - Phoenixcontact WP 6215 Whps -	6

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.