Vulnerability Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Wp 6070-Wvps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6070-Wvps | - |
| Phoenixcontact | Wp 6101-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6101-Wxps | - |
| Phoenixcontact | Wp 6121-Wxps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6121-Wxps | - |
| Phoenixcontact | Wp 6156-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6156-Whps | - |
| Phoenixcontact | Wp 6185-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6185-Whps | - |
| Phoenixcontact | Wp 6215-Whps Firmware | < 4.0.10 |
| Phoenixcontact | Wp 6215-Whps | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-018/Third Party Advisory
FAQ
What is CVE-2023-37862?
CVE-2023-37862 is a vulnerability with a CVSS score of 8.2 (HIGH). In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co...
How severe is CVE-2023-37862?
CVE-2023-37862 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-37862?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Wp 6070-Wvps Firmware, Phoenixcontact Wp 6070-Wvps, Phoenixcontact Wp 6101-Wxps Firmware, Phoenixcontact Wp 6101-Wxps, Phoenixcontact Wp 6121-Wxps Firmware.