CVE-2023-37858 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37858
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to decrypt an encrypted web application login password. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-311: Missing Encryption of Sensitive Data
CVE-2023-37857 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37857
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. These session cookies created by the attacker are not sufficient to obtain a valid session on the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-798: Use of Hard-coded Credentials
CVE-2023-37855 – PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37855
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem within the embedded Qt browser. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-37856 – PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37856
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem through a configuration dialog within the embedded Qt browser. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-37863 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37863
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')