CVE-2023-37855
CVSS V2 None
CVSS V3 None
Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
Overview
- CVE ID
- CVE-2023-37855
- Assigner
- info@cert.vde.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-08-09T07:15:10
- Last Modified Date
- 2023-08-15T17:54:28
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.0.10 | |
cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.0.10 | |
cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.0.10 | |
cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.0.10 | |
cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.0.10 | |
cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:* | 1 | OR | 4.0.10 | |
cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-018/ | Third Party Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-37855 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37855 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-09-06 03:21:02 | Added to TrackCVE | |||
2023-09-06 03:21:05 | Weakness Enumeration | new |