In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
2023-08-08T07:15:10.150
2024-11-21T08:17:27.967
Modified
CVSSv3.1: 9.6 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | phoenixcontact | cloud_client_1101t-tx_firmware | < 2.06.10 | Yes |
| Hardware | phoenixcontact | cloud_client_1101t-tx | - | No |
| Operating System | phoenixcontact | tc_cloud_client_1002-4g_att_firmware | < 2.07.2 | Yes |
| Hardware | phoenixcontact | tc_cloud_client_1002-4g_att | - | No |
| Operating System | phoenixcontact | tc_cloud_client_1002-4g_firmware | < 2.07.2 | Yes |
| Hardware | phoenixcontact | tc_cloud_client_1002-4g | - | No |
| Operating System | phoenixcontact | tc_cloud_client_1002-4g_vzw_firmware | < 2.07.2 | Yes |
| Hardware | phoenixcontact | tc_cloud_client_1002-4g_vzw | - | No |
| Operating System | phoenixcontact | tc_router_3002t-4g_att_firmware | < 2.07.2 | Yes |
| Hardware | phoenixcontact | tc_router_3002t-4g_att | - | No |
| Operating System | phoenixcontact | tc_router_3002t-4g_firmware | < 2.07.2 | Yes |
| Hardware | phoenixcontact | tc_router_3002t-4g | - | No |
| Operating System | phoenixcontact | tc_router_3002t-4g_vzw_firmware | < 2.07.2 | Yes |
| Hardware | phoenixcontact | tc_router_3002t-4g_vzw | - | No |