First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
Credit: info@cert.vde.com info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Wp 6070-wvps Firmware | <4.0.10 | |
Phoenixcontact Wp 6070-wvps | ||
Phoenixcontact Wp 6101-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6101-wxps | ||
Phoenixcontact Wp 6121-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6121-wxps | ||
Phoenixcontact Wp 6156-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6156-whps | ||
Phoenixcontact Wp 6185-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6185-whps | ||
Phoenixcontact Wp 6215-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6215-whps | ||
All of | ||
Phoenixcontact Wp 6070-wvps Firmware | <4.0.10 | |
Phoenixcontact Wp 6070-wvps | ||
All of | ||
Phoenixcontact Wp 6101-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6101-wxps | ||
All of | ||
Phoenixcontact Wp 6121-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6121-wxps | ||
All of | ||
Phoenixcontact Wp 6156-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6156-whps | ||
All of | ||
Phoenixcontact Wp 6185-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6185-whps | ||
All of | ||
Phoenixcontact Wp 6215-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6215-whps |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability allows an authenticated remote attacker with admin privileges to read hardcoded cryptographic keys and decrypt an encrypted web application login password.
PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 are affected.
The severity of the vulnerability is medium with a CVSS score of 4.9.
An authenticated remote attacker with admin privileges can exploit the vulnerability to read hardcoded cryptographic keys and decrypt an encrypted web application login password.
More information about the vulnerability can be found at the following reference: https://cert.vde.com/en/advisories/VDE-2023-018/