CVE-2023-37863: PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
First published: Wed Aug 09 2023(Updated: )
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.
Credit: info@cert.vde.com info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Wp 6070-wvps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6070-wvps | ||
| Phoenixcontact Wp 6101-wxps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6101-wxps | ||
| Phoenixcontact Wp 6121-wxps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6121-wxps | ||
| Phoenixcontact Wp 6156-whps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6156-whps | ||
| Phoenixcontact Wp 6185-whps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6185-whps | ||
| Phoenixcontact Wp 6215-whps Firmware | <4.0.10 | |
| Phoenixcontact Wp 6215-whps |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-37863?
CVE-2023-37863 is a vulnerability in PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 that allows a remote attacker with SNMPv2 write privileges to gain full access to the device.
How can a remote attacker exploit CVE-2023-37863?
A remote attacker with SNMPv2 write privileges can exploit CVE-2023-37863 by using a special SNMP request to gain full access to the affected device.
What is the severity of CVE-2023-37863?
CVE-2023-37863 has a severity rating of 7.2 (high).
Which software versions of PHOENIX CONTACTs WP 6xxx series web panels are affected by CVE-2023-37863?
Versions prior to 4.0.10 of PHOENIX CONTACTs WP 6xxx series web panels are affected by CVE-2023-37863.
How can I fix CVE-2023-37863?
To fix CVE-2023-37863, users should update their PHOENIX CONTACT WP 6xxx series web panels to version 4.0.10 or later.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/phoenixcontact
- canonical/phoenixcontact wp 6070-wvps firmware
- canonical/phoenixcontact wp 6070-wvps
- canonical/phoenixcontact wp 6101-wxps firmware
- canonical/phoenixcontact wp 6101-wxps
- canonical/phoenixcontact wp 6121-wxps firmware
- canonical/phoenixcontact wp 6121-wxps
- canonical/phoenixcontact wp 6156-whps firmware
- canonical/phoenixcontact wp 6156-whps
- canonical/phoenixcontact wp 6185-whps firmware
- canonical/phoenixcontact wp 6185-whps
- canonical/phoenixcontact wp 6215-whps firmware
- canonical/phoenixcontact wp 6215-whps