CVE-2023-37858


In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing them to decrypt an encrypted web application login password.


Published

2023-08-09T07:15:10.710

Last Modified

2024-11-21T08:12:20.017

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-311
  • Type: Secondary
    CWE-311

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | phoenixcontact | wp_6070-wvps_firmware | < 4.0.10 | Yes |
| Hardware | phoenixcontact | wp_6070-wvps | - | No |
| Operating System | phoenixcontact | wp_6101-wxps_firmware | < 4.0.10 | Yes |
| Hardware | phoenixcontact | wp_6101-wxps | - | No |
| Operating System | phoenixcontact | wp_6121-wxps_firmware | < 4.0.10 | Yes |
| Hardware | phoenixcontact | wp_6121-wxps | - | No |
| Operating System | phoenixcontact | wp_6156-whps_firmware | < 4.0.10 | Yes |
| Hardware | phoenixcontact | wp_6156-whps | - | No |
| Operating System | phoenixcontact | wp_6185-whps_firmware | < 4.0.10 | Yes |
| Hardware | phoenixcontact | wp_6185-whps | - | No |
| Operating System | phoenixcontact | wp_6215-whps_firmware | < 4.0.10 | Yes |
| Hardware | phoenixcontact | wp_6215-whps | - | No |
