Vulnerabilities > Phoenixcontact > TC Cloud Client 1002 4G Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-3569 XML Entity Expansion vulnerability in Phoenixcontact products
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
network
low complexity
phoenixcontact CWE-776
4.9
2020-03-12 CVE-2020-9435 Use of Hard-coded Credentials vulnerability in Phoenixcontact products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device.
network
low complexity
phoenixcontact CWE-798
5.0