Vulnerabilities > Phoenixcontact > WP 6156 Whps Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-37857 Use of Hard-coded Credentials vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies.
network
low complexity
phoenixcontact CWE-798
7.2
2023-08-09 CVE-2023-37859 Improper Privilege Management vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.
network
low complexity
phoenixcontact CWE-269
7.2
2023-08-09 CVE-2023-37860 Missing Authorization vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.
network
low complexity
phoenixcontact CWE-862
7.5
2023-08-09 CVE-2023-37861 OS Command Injection vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.
network
low complexity
phoenixcontact CWE-78
8.8
2023-08-09 CVE-2023-37862 Missing Authorization vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API.
network
low complexity
phoenixcontact CWE-862
8.2
2023-08-09 CVE-2023-37863 OS Command Injection vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.
network
low complexity
phoenixcontact CWE-78
7.2
2023-08-09 CVE-2023-37864 Download of Code Without Integrity Check vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.
network
low complexity
phoenixcontact CWE-494
7.2
2023-08-08 CVE-2023-3570 OS Command Injection vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.
network
low complexity
phoenixcontact CWE-78
8.8
2023-08-08 CVE-2023-3571 OS Command Injection vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device.
network
low complexity
phoenixcontact CWE-78
8.8
2023-08-08 CVE-2023-3573 OS Command Injection vulnerability in Phoenixcontact products
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.
network
low complexity
phoenixcontact CWE-78
8.8