Vulnerability Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Wp 6070-Wvps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6070-Wvps | - |
| Phoenixcontact | Wp 6101-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6101-Wxps | - |
| Phoenixcontact | Wp 6121-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6121-Wxps | - |
| Phoenixcontact | Wp 6156-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6156-Whps | - |
| Phoenixcontact | Wp 6185-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6185-Whps | - |
| Phoenixcontact | Wp 6215-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6215-Whps | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
FAQ
What is CVE-2023-3572?
CVE-2023-3572 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to ga...
How severe is CVE-2023-3572?
CVE-2023-3572 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-3572?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Wp 6070-Wvps Firmware, Phoenixcontact Wp 6070-Wvps, Phoenixcontact Wp 6101-Wxps Firmware, Phoenixcontact Wp 6101-Wxps, Phoenixcontact Wp 6121-Wxps Firmware.