CVE-2023-37858: PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Phoenixcontact Wp 6070-wvps | <4.0.10 | |
| Phoenixcontact WP 6070-WVPS | ||
| All of | ||
| Phoenix Contact WP 6101-WXPS | <4.0.10 | |
| Phoenix Contact WP 6101-WXPS | ||
| All of | ||
| Phoenix Contact Wp 6121-WXPS | <4.0.10 | |
| Phoenix Contact Wp 6121-WXPS | ||
| All of | ||
| Phoenix Contact WP 6156 WHPS | <4.0.10 | |
| Phoenix Contact WP 6156 WHPS | ||
| All of | ||
| Phoenix Contact WP 6185 WHPS Firmware | <4.0.10 | |
| Phoenix Contact WP 6185 WHPS | ||
| All of | ||
| Phoenix Contact Wp 6215 | <4.0.10 | |
| Phoenix Contact Wp 6215 | ||
| Phoenixcontact Wp 6070-wvps | <4.0.10 | |
| Phoenixcontact WP 6070-WVPS | ||
| Phoenix Contact WP 6101-WXPS | <4.0.10 | |
| Phoenix Contact WP 6101-WXPS | ||
| Phoenix Contact Wp 6121-WXPS | <4.0.10 | |
| Phoenix Contact Wp 6121-WXPS | ||
| Phoenix Contact WP 6156 WHPS | <4.0.10 | |
| Phoenix Contact WP 6156 WHPS | ||
| Phoenix Contact WP 6185 WHPS Firmware | <4.0.10 | |
| Phoenix Contact WP 6185 WHPS | ||
| Phoenix Contact Wp 6215 | <4.0.10 | |
| Phoenix Contact Wp 6215 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability of CVE-2023-37858?
The vulnerability allows an authenticated remote attacker with admin privileges to read hardcoded cryptographic keys and decrypt an encrypted web application login password.
Which software versions are affected by CVE-2023-37858?
PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 are affected.
What is the severity of CVE-2023-37858?
The severity of the vulnerability is medium with a CVSS score of 4.9.
How can an attacker exploit CVE-2023-37858?
An authenticated remote attacker with admin privileges can exploit the vulnerability to read hardcoded cryptographic keys and decrypt an encrypted web application login password.
Where can I find more information about CVE-2023-37858?
More information about the vulnerability can be found at the following reference: https://cert.vde.com/en/advisories/VDE-2023-018/
- agent/weakness
- agent/type
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/description
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/phoenixcontact
- canonical/phoenixcontact wp 6070-wvps
- canonical/phoenix contact wp 6101-wxps
- canonical/phoenix contact wp 6121-wxps
- canonical/phoenix contact wp 6156 whps
- canonical/phoenix contact wp 6185 whps firmware
- canonical/phoenix contact wp 6185 whps
- canonical/phoenix contact wp 6215