Vulnerability Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Wp 6070-Wvps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6070-Wvps | - |
| Phoenixcontact | Wp 6101-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6101-Wxps | - |
| Phoenixcontact | Wp 6121-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6121-Wxps | - |
| Phoenixcontact | Wp 6156-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6156-Whps | - |
| Phoenixcontact | Wp 6185-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6185-Whps | - |
| Phoenixcontact | Wp 6215-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6215-Whps | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
FAQ
What is CVE-2023-37856?
CVE-2023-37856 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dia...
How severe is CVE-2023-37856?
CVE-2023-37856 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-37856?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Wp 6070-Wvps Firmware, Phoenixcontact Wp 6070-Wvps, Phoenixcontact Wp 6101-Wxps Firmware, Phoenixcontact Wp 6101-Wxps, Phoenixcontact Wp 6121-Wxps Firmware.