First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .
Credit: info@cert.vde.com info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Wp 6070-wvps Firmware | <4.0.10 | |
Phoenixcontact Wp 6070-wvps | ||
Phoenixcontact Wp 6101-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6101-wxps | ||
Phoenixcontact Wp 6121-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6121-wxps | ||
Phoenixcontact Wp 6156-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6156-whps | ||
Phoenixcontact Wp 6185-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6185-whps | ||
Phoenixcontact Wp 6215-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6215-whps |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-37856.
The severity of CVE-2023-37856 is medium with a severity value of 4.3.
PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 are affected by CVE-2023-37856.
A remote attacker with low privileges can gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser in PHOENIX CONTACTs WP 6xxx series web panels.
Yes, updating to version 4.0.10 or newer of the PHOENIX CONTACTs WP 6xxx series web panels firmware will fix the vulnerability.