Vulnerability Description
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflected XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
CVSS Score
9.6 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Cloud Client 1101T-Tx Firmware | < 2.06.10 |
| Phoenixcontact | Cloud Client 1101T-Tx | - |
| Phoenixcontact | Tc Cloud Client 1002-4G Att Firmware | < 2.07.2 |
| Phoenixcontact | Tc Cloud Client 1002-4G Att | - |
| Phoenixcontact | Tc Cloud Client 1002-4G Firmware | < 2.07.2 |
| Phoenixcontact | Tc Cloud Client 1002-4G | - |
| Phoenixcontact | Tc Cloud Client 1002-4G Vzw Firmware | < 2.07.2 |
| Phoenixcontact | Tc Cloud Client 1002-4G Vzw | - |
| Phoenixcontact | Tc Router 3002T-4G Att Firmware | < 2.07.2 |
| Phoenixcontact | Tc Router 3002T-4G Att | - |
| Phoenixcontact | Tc Router 3002T-4G Firmware | < 2.07.2 |
| Phoenixcontact | Tc Router 3002T-4G | - |
| Phoenixcontact | Tc Router 3002T-4G Vzw Firmware | < 2.07.2 |
| Phoenixcontact | Tc Router 3002T-4G Vzw | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2
- http://seclists.org/fulldisclosure/2023/Aug/12
- https://cert.vde.com/en/advisories/VDE-2023-017 (Third Party Advisory)
FAQ
What is CVE-2023-3526?
CVE-2023-3526 is a vulnerability with a CVSS score of 9.6 (CRITICAL). In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflected XSS within ...
How severe is CVE-2023-3526?
CVE-2023-3526 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-3526?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Cloud Client 1101T-Tx Firmware, Phoenixcontact Cloud Client 1101T-Tx, Phoenixcontact Tc Cloud Client 1002-4G Att Firmware, Phoenixcontact Tc Cloud Client 1002-4G Att, Phoenixcontact Tc Cloud Client 1002-4G Firmware.