CVE-2023-37857
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| phoenixcontact:wp_6070-wvps_firmware | phoenixcontact wp 6070-wvps firmware | lt | 4.0.10 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "WP 6070-WVPS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP 6101-WXPS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP 6121-WXPS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP 6156-WHPS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP 6185-WHPS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP 6215-WHPS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
Related
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%