9.6
CVE-2023-3526
- EPSS 0.61%
- Published 08.08.2023 07:15:10
- Last modified 21.11.2024 08:17:27
- Source info@cert.vde.com
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
Data is provided by the National Vulnerability Database (NVD)
Phoenixcontact ≫ Cloud Client 1101t-tx Firmware Version < 2.06.10
Phoenixcontact ≫ Tc Cloud Client 1002-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Vzw Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Vzw Firmware Version < 2.07.2
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.61% | 0.685 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
info@cert.vde.com | 9.6 | 2.8 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.