Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
Related CPE's
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-08-09T07:15:10.710
11 months agoLast modified
2023-12-14T15:15:07.630
7 months ago