CVE-2023-3569: PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
First published: Tue Aug 08 2023(Updated: )
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Credit: info@cert.vde.com info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Cloud Client 1101t-tx Firmware | <2.06.10 | |
| Phoenixcontact Cloud Client 1101t-tx | ||
| Phoenixcontact Tc Cloud Client 1002-4g Att Firmware | <2.07.2 | |
| Phoenixcontact Tc Cloud Client 1002-4g Att | ||
| Phoenixcontact Tc Cloud Client 1002-4g Firmware | <2.07.2 | |
| Phoenixcontact Tc Cloud Client 1002-4g | ||
| Phoenixcontact Tc Cloud Client 1002-4g Vzw Firmware | <2.07.2 | |
| Phoenixcontact Tc Cloud Client 1002-4g Vzw | ||
| Phoenixcontact Tc Router 3002t-4g Att Firmware | <2.07.2 | |
| Phoenixcontact Tc Router 3002t-4g Att | ||
| Phoenixcontact Tc Router 3002t-4g Firmware | <2.07.2 | |
| Phoenixcontact Tc Router 3002t-4g | ||
| Phoenixcontact Tc Router 3002t-4g Vzw Firmware | <2.07.2 | |
| Phoenixcontact Tc Router 3002t-4g Vzw |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-3569?
The severity of CVE-2023-3569 is medium with a severity value of 4.9.
What is the affected software for CVE-2023-3569?
The affected software for CVE-2023-3569 includes PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10.
How can an attacker exploit CVE-2023-3569?
An authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service in CVE-2023-3569.
What is the recommended solution for CVE-2023-3569?
To mitigate the vulnerability, it is recommended to update PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT to version 2.07.2 or later.
Are there any additional references for CVE-2023-3569?
Yes, you can find additional references for CVE-2023-3569 at the following links: [link1](http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html), [link2](http://seclists.org/fulldisclosure/2023/Aug/12), [link3](https://cert.vde.com/en/advisories/VDE-2023-017).
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- vendor/phoenixcontact
- canonical/phoenixcontact cloud client 1101t-tx firmware
- canonical/phoenixcontact cloud client 1101t-tx
- canonical/phoenixcontact tc cloud client 1002-4g att firmware
- canonical/phoenixcontact tc cloud client 1002-4g att
- canonical/phoenixcontact tc cloud client 1002-4g firmware
- canonical/phoenixcontact tc cloud client 1002-4g
- canonical/phoenixcontact tc cloud client 1002-4g vzw firmware
- canonical/phoenixcontact tc cloud client 1002-4g vzw
- canonical/phoenixcontact tc router 3002t-4g att firmware
- canonical/phoenixcontact tc router 3002t-4g att
- canonical/phoenixcontact tc router 3002t-4g firmware
- canonical/phoenixcontact tc router 3002t-4g
- canonical/phoenixcontact tc router 3002t-4g vzw firmware
- canonical/phoenixcontact tc router 3002t-4g vzw