Vulnerabilities > CVE-2023-37859 - Unspecified vulnerability in Phoenixcontact products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-08-09

Updated: 2024-11-21

Summary

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact WP 6070 Wvps Firmware * Phoenixcontact WP 6101 Wxps Firmware * Phoenixcontact WP 6121 Wxps Firmware * Phoenixcontact WP 6156 Whps Firmware * Phoenixcontact WP 6185 Whps Firmware * Phoenixcontact WP 6215 Whps Firmware *	6
Hardware	Phoenixcontact Phoenixcontact WP 6070 Wvps - Phoenixcontact WP 6101 Wxps - Phoenixcontact WP 6121 Wxps - Phoenixcontact WP 6156 Whps - Phoenixcontact WP 6185 Whps - Phoenixcontact WP 6215 Whps -	6

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.