CVE-2023-37859

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.

Related CPE's

ophoenixcontactwp_6070-wvps_firmware********

hphoenixcontactwp_6070-wvps-*******

ophoenixcontactwp_6101-wxps_firmware********

hphoenixcontactwp_6101-wxps-*******

ophoenixcontactwp_6121-wxps_firmware********

hphoenixcontactwp_6121-wxps-*******

ophoenixcontactwp_6156-whps_firmware********

hphoenixcontactwp_6156-whps-*******

ophoenixcontactwp_6185-whps_firmware********

hphoenixcontactwp_6185-whps-*******

References

https://cert.vde.com/en/advisories/VDE-2023-018/

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io