← Zuruck zu CVEs
CVE-2023-37858
MEDIUM4.9
Beschreibung
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
CVE Details
CVSS v3.1 Bewertung4.9
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht8/9/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
phoenixcontact:wp_6070-wvpsphoenixcontact:wp_6070-wvps_firmwarephoenixcontact:wp_6101-wxpsphoenixcontact:wp_6101-wxps_firmwarephoenixcontact:wp_6121-wxpsphoenixcontact:wp_6121-wxps_firmwarephoenixcontact:wp_6156-whpsphoenixcontact:wp_6156-whps_firmwarephoenixcontact:wp_6185-whpsphoenixcontact:wp_6185-whps_firmwarephoenixcontact:wp_6215-whpsphoenixcontact:wp_6215-whps_firmware
Schwachen (CWE)
CWE-311CWE-311
Referenzen
https://cert.vde.com/en/advisories/VDE-2023-018/(info@cert.vde.com)
https://cert.vde.com/en/advisories/VDE-2023-018/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.