CVE-2023-37858

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing them to decrypt an encrypted web application login password.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-018/ Third Party Advisory
Configurations

Configuration 1

AND
cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:*

History

14 Dec 2023, 15:15

Type Values Removed Values Added
CWE CWE-798

15 Aug 2023, 17:14

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.8
v2 : unknown
v3 : 4.9
CPE cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:*
First Time Phoenixcontact wp 6121-wxps
Phoenixcontact wp 6101-wxps
Phoenixcontact wp 6215-whps Firmware
Phoenixcontact
Phoenixcontact wp 6070-wvps Firmware
Phoenixcontact wp 6121-wxps Firmware
Phoenixcontact wp 6156-whps Firmware
Phoenixcontact wp 6215-whps
Phoenixcontact wp 6156-whps
Phoenixcontact wp 6101-wxps Firmware
Phoenixcontact wp 6070-wvps
Phoenixcontact wp 6185-whps
Phoenixcontact wp 6185-whps Firmware
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-018/ - (MISC) https://cert.vde.com/en/advisories/VDE-2023-018/ - Third Party Advisory
CWE CWE-798 CWE-311

09 Aug 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-09 07:15

Updated : 2023-12-14 15:15


NVD link : CVE-2023-37858

Mitre link : CVE-2023-37858

CVE.ORG link : CVE-2023-37858


Products Affected

phoenixcontact

  • wp_6185-whps_firmware
  • wp_6070-wvps_firmware
  • wp_6156-whps_firmware
  • wp_6215-whps_firmware
  • wp_6121-wxps
  • wp_6121-wxps_firmware
  • wp_6101-wxps
  • wp_6156-whps
  • wp_6101-wxps_firmware
  • wp_6070-wvps
  • wp_6215-whps
  • wp_6185-whps
CWE
CWE-311

Missing Encryption of Sensitive Data