Vulnerabilities > CVE-2023-37862 - Missing Authorization vulnerability in Phoenixcontact products

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

LOW

network

low complexity

phoenixcontact

CWE-862

NVD

Published: 2023-08-09

Updated: 2023-08-15

Summary

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact WP 6070 Wvps Firmware * Phoenixcontact WP 6101 Wxps Firmware * Phoenixcontact WP 6121 Wxps Firmware * Phoenixcontact WP 6156 Whps Firmware * Phoenixcontact WP 6185 Whps Firmware * Phoenixcontact WP 6215 Whps Firmware *	6
Hardware	Phoenixcontact Phoenixcontact WP 6070 Wvps - Phoenixcontact WP 6101 Wxps - Phoenixcontact WP 6121 Wxps - Phoenixcontact WP 6156 Whps - Phoenixcontact WP 6185 Whps - Phoenixcontact WP 6215 Whps -	6

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://cert.vde.com/en/advisories/VDE-2023-018/