Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
Related CPE's
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-08-09T07:15:10.710
1 year agoLast modified
2023-12-14T15:15:07.630
10 months ago