4.9
CVE-2023-37858
- EPSS 0.03%
- Published 09.08.2023 07:15:10
- Last modified 21.11.2024 08:12:20
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
Data is provided by the National Vulnerability Database (NVD)
Phoenixcontact ≫ Wp 6070-wvps Firmware Version < 4.0.10
Phoenixcontact ≫ Wp 6101-wxps Firmware Version < 4.0.10
Phoenixcontact ≫ Wp 6121-wxps Firmware Version < 4.0.10
Phoenixcontact ≫ Wp 6156-whps Firmware Version < 4.0.10
Phoenixcontact ≫ Wp 6185-whps Firmware Version < 4.0.10
Phoenixcontact ≫ Wp 6215-whps Firmware Version < 4.0.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.058 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| info@cert.vde.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.