CVE-2023-37855: PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
Credit: info@cert.vde.com info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Wp 6070-wvps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6070-wvps | ||
| Phoenixcontact Wp 6101-wxps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6101-wxps | ||
| Phoenixcontact Wp 6121-wxps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6121-wxps | ||
| Phoenixcontact Wp 6156-whps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6156-whps | ||
| Phoenixcontact Wp 6185-whps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6185-whps | ||
| Phoenixcontact Wp 6215-whps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6215-whps |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/phoenixcontact
- canonical/phoenixcontact wp 6070-wvps firmware
- canonical/phoenixcontact wp 6070-wvps
- canonical/phoenixcontact wp 6101-wxps firmware
- canonical/phoenixcontact wp 6101-wxps
- canonical/phoenixcontact wp 6121-wxps firmware
- canonical/phoenixcontact wp 6121-wxps
- canonical/phoenixcontact wp 6156-whps firmware
- canonical/phoenixcontact wp 6156-whps
- canonical/phoenixcontact wp 6185-whps firmware
- canonical/phoenixcontact wp 6185-whps
- canonical/phoenixcontact wp 6215-whps firmware
- canonical/phoenixcontact wp 6215-whps