CVE-2023-37856

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .

Related CPE's

ophoenixcontactwp_6070-wvps_firmware********

hphoenixcontactwp_6070-wvps-*******

ophoenixcontactwp_6101-wxps_firmware********

hphoenixcontactwp_6101-wxps-*******

ophoenixcontactwp_6121-wxps_firmware********

hphoenixcontactwp_6121-wxps-*******

ophoenixcontactwp_6156-whps_firmware********

hphoenixcontactwp_6156-whps-*******

ophoenixcontactwp_6185-whps_firmware********

hphoenixcontactwp_6185-whps-*******

References

https://cert.vde.com/en/advisories/VDE-2023-018/

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io