First published: Tue Aug 08 2023
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices to execute code in the context of the user's browser.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Cloud Client 1101t-tx Firmware | <2.06.10 | |
Phoenixcontact Cloud Client 1101t-tx | ||
Phoenixcontact Tc Cloud Client 1002-4g Att Firmware | <2.07.2 | |
Phoenixcontact Tc Cloud Client 1002-4g Att | ||
Phoenixcontact Tc Cloud Client 1002-4g Firmware | <2.07.2 | |
Phoenixcontact Tc Cloud Client 1002-4g | ||
Phoenixcontact Tc Cloud Client 1002-4g Vzw Firmware | <2.07.2 | |
Phoenixcontact Tc Cloud Client 1002-4g Vzw | ||
Phoenixcontact Tc Router 3002t-4g Att Firmware | <2.07.2 | |
Phoenixcontact Tc Router 3002t-4g Att | ||
Phoenixcontact Tc Router 3002t-4g Firmware | <2.07.2 | |
Phoenixcontact Tc Router 3002t-4g | ||
Phoenixcontact Tc Router 3002t-4g Vzw Firmware | <2.07.2 | |
Phoenixcontact Tc Router 3002t-4g Vzw | ||
The vulnerability ID is CVE-2023-3526.
CVE-2023-3526 has a severity rating of 9.6 (Critical).
PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, are affected by CVE-2023-3526.
An unauthenticated remote attacker can exploit CVE-2023-3526 by using a reflective XSS within the license viewer page of the affected devices to execute code in the context of the user's browser.
For more information on CVE-2023-3526, refer to the following links: [Packetstorm Security](http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html), [SecLists](http://seclists.org/fulldisclosure/2023/Aug/12), [VDE Advisory](https://cert.vde.com/en/advisories/VDE-2023-017).