Lucene search

CERTVDECVE-2023-37862

HistoryAug 09, 2023 - 7:15 a.m.

CVE-2023-37862

2023-08-0907:15:11

CWE-862

CERTVDE

web.nvd.nist.gov

2461

phoenix contact

wp 6xxx

web panels

upload functions

remote access

ssl

denial of service

nvd

cve-2023-37862

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

Affected configurations

Nvd

Node

phoenixcontactwp_6070-wvps_firmwareRange<4.0.10

AND

phoenixcontactwp_6070-wvpsMatch-

Node

phoenixcontactwp_6101-wxps_firmwareRange<4.0.10

AND

phoenixcontactwp_6101-wxpsMatch-

Node

phoenixcontactwp_6121-wxps_firmwareRange<4.0.10

AND

phoenixcontactwp_6121-wxpsMatch-

Node

phoenixcontactwp_6156-whps_firmwareRange<4.0.10

AND

phoenixcontactwp_6156-whpsMatch-

Node

phoenixcontactwp_6185-whps_firmwareRange<4.0.10

AND

phoenixcontactwp_6185-whpsMatch-

Node

phoenixcontactwp_6215-whps_firmwareRange<4.0.10

AND

phoenixcontactwp_6215-whpsMatch-

VendorProductVersionCPE
phoenixcontactwp_6070-wvps_firmware*cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:*
phoenixcontactwp_6070-wvps-cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*
phoenixcontactwp_6101-wxps_firmware*cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:*
phoenixcontactwp_6101-wxps-cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*
phoenixcontactwp_6121-wxps_firmware*cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:*
phoenixcontactwp_6121-wxps-cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*
phoenixcontactwp_6156-whps_firmware*cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:*
phoenixcontactwp_6156-whps-cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*
phoenixcontactwp_6185-whps_firmware*cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:*
phoenixcontactwp_6185-whps-cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phoenixcontact	wp_6070-wvps_firmware	*	cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware::::::::
phoenixcontact	wp_6070-wvps	-	cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:::::::*
phoenixcontact	wp_6101-wxps_firmware	*	cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware::::::::
phoenixcontact	wp_6101-wxps	-	cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:::::::*
phoenixcontact	wp_6121-wxps_firmware	*	cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware::::::::
phoenixcontact	wp_6121-wxps	-	cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:::::::*
phoenixcontact	wp_6156-whps_firmware	*	cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware::::::::
phoenixcontact	wp_6156-whps	-	cpe:2.3:h:phoenixcontact:wp_6156-whps:-:::::::*
phoenixcontact	wp_6185-whps_firmware	*	cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware::::::::
phoenixcontact	wp_6185-whps	-	cpe:2.3:h:phoenixcontact:wp_6185-whps:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WP 6070-WVPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6101-WXPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6121-WXPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6156-WHPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6185-WHPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6215-WHPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-018/

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

Related for CVE-2023-37862