CVE-2023-37862

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

Related CPE's

ophoenixcontactwp_6070-wvps_firmware********

hphoenixcontactwp_6070-wvps-*******

ophoenixcontactwp_6101-wxps_firmware********

hphoenixcontactwp_6101-wxps-*******

ophoenixcontactwp_6121-wxps_firmware********

hphoenixcontactwp_6121-wxps-*******

ophoenixcontactwp_6156-whps_firmware********

hphoenixcontactwp_6156-whps-*******

ophoenixcontactwp_6185-whps_firmware********

hphoenixcontactwp_6185-whps-*******

References

https://cert.vde.com/en/advisories/VDE-2023-018/

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io