Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.

Related CPE's

o

phoenixcontact

wp_6070-wvps_firmware

Vulnerable

h

phoenixcontact

wp_6070-wvps

-

o

phoenixcontact

wp_6101-wxps_firmware

Vulnerable

h

phoenixcontact

wp_6101-wxps

-

o

phoenixcontact

wp_6121-wxps_firmware

Vulnerable

h

phoenixcontact

wp_6121-wxps

-

o

phoenixcontact

wp_6156-whps_firmware

Vulnerable

h

phoenixcontact

wp_6156-whps

-

o

phoenixcontact

wp_6185-whps_firmware

Vulnerable

h

phoenixcontact

wp_6185-whps

-

o

phoenixcontact

wp_6215-whps_firmware

Vulnerable

h

phoenixcontact

wp_6215-whps

-

References

https://cert.vde.com/en/advisories/VDE-2023-018/

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-311

[email protected]

Secondary
CWE-311

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-09T07:15:10.710

11 months ago

Last modified

2023-12-14T15:15:07.630

7 months ago