Vulnerability Description
In PHOENIX CONTACT's WP 6xxx series web panels, in versions prior to 4.0.10, an authenticated remote attacker with admin privileges is able to read hardcoded cryptographic keys, which allows the attacker to decrypt an encrypted web application login password.
CVSS Score
4.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Wp 6070-Wvps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6070-Wvps | - |
| Phoenixcontact | Wp 6101-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6101-Wxps | - |
| Phoenixcontact | Wp 6121-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6121-Wxps | - |
| Phoenixcontact | Wp 6156-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6156-Whps | - |
| Phoenixcontact | Wp 6185-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6185-Whps | - |
| Phoenixcontact | Wp 6215-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6215-Whps | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-018/ (Third Party Advisory)
FAQ
What is CVE-2023-37858?
CVE-2023-37858 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In PHOENIX CONTACT's WP 6xxx series web panels, in versions prior to 4.0.10, an authenticated remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an en...
How severe is CVE-2023-37858?
CVE-2023-37858 has been rated MEDIUM, with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-37858?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Wp 6070-Wvps Firmware, Phoenixcontact Wp 6070-Wvps, Phoenixcontact Wp 6101-Wxps Firmware, Phoenixcontact Wp 6101-Wxps, Phoenixcontact Wp 6121-Wxps Firmware.