In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-018/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
14 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
15 Aug 2023, 17:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
CPE | cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Phoenixcontact wp 6121-wxps
Phoenixcontact wp 6101-wxps Phoenixcontact wp 6215-whps Firmware Phoenixcontact Phoenixcontact wp 6070-wvps Firmware Phoenixcontact wp 6121-wxps Firmware Phoenixcontact wp 6156-whps Firmware Phoenixcontact wp 6215-whps Phoenixcontact wp 6156-whps Phoenixcontact wp 6101-wxps Firmware Phoenixcontact wp 6070-wvps Phoenixcontact wp 6185-whps Phoenixcontact wp 6185-whps Firmware |
|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-018/ - Third Party Advisory | |
CWE | CWE-311 |
09 Aug 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 07:15
Updated : 2023-12-14 15:15
NVD link : CVE-2023-37858
Mitre link : CVE-2023-37858
CVE.ORG link : CVE-2023-37858
JSON object : View
Products Affected
phoenixcontact
- wp_6185-whps_firmware
- wp_6070-wvps_firmware
- wp_6156-whps_firmware
- wp_6215-whps_firmware
- wp_6121-wxps
- wp_6121-wxps_firmware
- wp_6101-wxps
- wp_6156-whps
- wp_6101-wxps_firmware
- wp_6070-wvps
- wp_6215-whps
- wp_6185-whps
CWE
CWE-311
Missing Encryption of Sensitive Data