Vulnerabilities > CVE-2023-37861 - Unspecified vulnerability in Phoenixcontact products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

NVD

Published: 2023-08-09

Updated: 2024-11-21

Summary

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact WP 6070 Wvps Firmware * Phoenixcontact WP 6101 Wxps Firmware * Phoenixcontact WP 6121 Wxps Firmware * Phoenixcontact WP 6156 Whps Firmware * Phoenixcontact WP 6185 Whps Firmware * Phoenixcontact WP 6215 Whps Firmware *	6
Hardware	Phoenixcontact Phoenixcontact WP 6070 Wvps - Phoenixcontact WP 6101 Wxps - Phoenixcontact WP 6121 Wxps - Phoenixcontact WP 6156 Whps - Phoenixcontact WP 6185 Whps - Phoenixcontact WP 6215 Whps -	6

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.