First published: Tue Aug 08 2023(Updated: )
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Credit: info@cert.vde.com info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Cloud Client 1101t-tx Firmware | <2.06.10 | |
Phoenixcontact Cloud Client 1101t-tx | ||
Phoenixcontact Tc Cloud Client 1002-4g Att Firmware | <2.07.2 | |
Phoenixcontact Tc Cloud Client 1002-4g Att | ||
Phoenixcontact Tc Cloud Client 1002-4g Firmware | <2.07.2 | |
Phoenixcontact Tc Cloud Client 1002-4g | ||
Phoenixcontact Tc Cloud Client 1002-4g Vzw Firmware | <2.07.2 | |
Phoenixcontact Tc Cloud Client 1002-4g Vzw | ||
Phoenixcontact Tc Router 3002t-4g Att Firmware | <2.07.2 | |
Phoenixcontact Tc Router 3002t-4g Att | ||
Phoenixcontact Tc Router 3002t-4g Firmware | <2.07.2 | |
Phoenixcontact Tc Router 3002t-4g | ||
Phoenixcontact Tc Router 3002t-4g Vzw Firmware | <2.07.2 | |
Phoenixcontact Tc Router 3002t-4g Vzw |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-3569 is medium with a severity value of 4.9.
The affected software for CVE-2023-3569 includes PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10.
An authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service in CVE-2023-3569.
To mitigate the vulnerability, it is recommended to update PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT to version 2.07.2 or later.
Yes, you can find additional references for CVE-2023-3569 at the following links: [link1](http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html), [link2](http://seclists.org/fulldisclosure/2023/Aug/12), [link3](https://cert.vde.com/en/advisories/VDE-2023-017).