CVE-2023-3526

CVSS V2 None CVSS V3 None

Description

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

Overview

CVE ID
CVE-2023-3526

Assigner
CERTVDE

Vulnerability Status
PUBLISHED

Published Version
2023-08-08T06:56:05.827Z

Last Modified Date
2023-08-08T06:56:05.827Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://cert.vde.com/en/advisories/VDE-2023-017
http://seclists.org/fulldisclosure/2023/Aug/12
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-3526
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3526

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 21:16:23				Added to TrackCVE