Page 3 of 101 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser . • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-269: Improper Privilege Management •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-494: Download of Code Without Integrity Check •

CVSS: 8.2EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-862: Missing Authorization •