4.9
CVE-2023-3569
- EPSS 0.2%
- Veröffentlicht 08.08.2023 07:15:10
- Zuletzt bearbeitet 21.11.2024 08:17:34
- Quelle info@cert.vde.com
- Teams Watchlist Login
- Unerledigt Login
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenixcontact ≫ Cloud Client 1101t-tx Firmware Version < 2.06.10
Phoenixcontact ≫ Tc Cloud Client 1002-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Vzw Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Vzw Firmware Version < 2.07.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.423 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.