4.9
CVE-2023-3569
- EPSS 0.27%
- Published 08.08.2023 07:15:10
- Last modified 21.11.2024 08:17:34
- Source info@cert.vde.com
PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Data is provided by the National Vulnerability Database (NVD)
Phoenixcontact ≫ Cloud Client 1101t-tx Firmware Version < 2.06.10
Phoenixcontact ≫ Tc Cloud Client 1002-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Vzw Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Vzw Firmware Version < 2.07.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.505 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.