CVE-2023-37855: PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Wp 6070-wvps | <4.0.10 | |
| Phoenixcontact WP 6070-WVPS | ||
| Phoenix Contact WP 6101-WXPS | <4.0.10 | |
| Phoenix Contact WP 6101-WXPS | ||
| Phoenix Contact Wp 6121-WXPS | <4.0.10 | |
| Phoenix Contact Wp 6121-WXPS | ||
| Phoenix Contact WP 6156 WHPS | <4.0.10 | |
| Phoenix Contact WP 6156 WHPS | ||
| Phoenix Contact WP 6185 WHPS Firmware | <4.0.10 | |
| Phoenix Contact WP 6185 WHPS | ||
| Phoenix Contact Wp 6215 | <4.0.10 | |
| Phoenix Contact Wp 6215 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/phoenixcontact
- canonical/phoenixcontact wp 6070-wvps
- canonical/phoenix contact wp 6101-wxps
- canonical/phoenix contact wp 6121-wxps
- canonical/phoenix contact wp 6156 whps
- canonical/phoenix contact wp 6185 whps firmware
- canonical/phoenix contact wp 6185 whps
- canonical/phoenix contact wp 6215