4.9
CVE-2023-3569
- EPSS 0.2%
- Published 08.08.2023 07:15:10
- Last modified 21.11.2024 08:17:34
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Data is provided by the National Vulnerability Database (NVD)
Phoenixcontact ≫ Cloud Client 1101t-tx Firmware Version < 2.06.10
Phoenixcontact ≫ Tc Cloud Client 1002-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Cloud Client 1002-4g Vzw Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Att Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Firmware Version < 2.07.2
Phoenixcontact ≫ Tc Router 3002t-4g Vzw Firmware Version < 2.07.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.423 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| info@cert.vde.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.