Vulnerability Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Wp 6070-Wvps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6070-Wvps | - |
| Phoenixcontact | Wp 6101-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6101-Wxps | - |
| Phoenixcontact | Wp 6121-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6121-Wxps | - |
| Phoenixcontact | Wp 6156-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6156-Whps | - |
| Phoenixcontact | Wp 6185-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6185-Whps | - |
| Phoenixcontact | Wp 6215-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6215-Whps | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
FAQ
What is CVE-2023-37857?
CVE-2023-37857 is a vulnerability with a CVSS score of 3.8 (LOW). In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to ...
How severe is CVE-2023-37857?
CVE-2023-37857 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-37857?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Wp 6070-Wvps Firmware, Phoenixcontact Wp 6070-Wvps, Phoenixcontact Wp 6101-Wxps Firmware, Phoenixcontact Wp 6101-Wxps, Phoenixcontact Wp 6121-Wxps Firmware.