First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.
Credit: info@cert.vde.com info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Wp 6070-wvps Firmware | <4.0.10 | |
Phoenixcontact Wp 6070-wvps | ||
Phoenixcontact Wp 6101-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6101-wxps | ||
Phoenixcontact Wp 6121-wxps Firmware | <4.0.10 | |
Phoenixcontact Wp 6121-wxps | ||
Phoenixcontact Wp 6156-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6156-whps | ||
Phoenixcontact Wp 6185-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6185-whps | ||
Phoenixcontact Wp 6215-whps Firmware | <4.0.10 | |
Phoenixcontact Wp 6215-whps |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-37862.
The severity level of CVE-2023-37862 is high with a score of 8.2.
The PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 are affected by CVE-2023-37862.
CVE-2023-37862 allows an unauthenticated remote attacker to access upload-functions of the HTTP API, which can cause certificate errors for SSL-connections and result in a partial denial-of-service.
You can find more information about CVE-2023-37862 at the following link: [VDE-2023-018](https://cert.vde.com/en/advisories/VDE-2023-018/)