CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 1CVE-2023-3569 – PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
https://notcve.org/view.php?id=CVE-2023-3569
08 Aug 2023 — In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities. • https://packetstorm.news/files/id/174152 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 1CVE-2023-3526 – PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
https://notcve.org/view.php?id=CVE-2023-3526
08 Aug 2023 — In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory... • https://packetstorm.news/files/id/174152 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 3CVE-2020-9435 – Phoenix Contact TC Router / TC Cloud Client Command Injection
https://notcve.org/view.php?id=CVE-2020-9435
12 Mar 2020 — PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certific... • https://packetstorm.news/files/id/156729 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 3CVE-2020-9436 – Phoenix Contact TC Router / TC Cloud Client Command Injection
https://notcve.org/view.php?id=CVE-2020-9436
12 Mar 2020 — PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. PHOENIX CONTACT TC ROUTER 3002T-4G versiones hasta 2.05.3, TC ROUTER 2002T-3G versiones hasta 2.05.3, TC ROUTER 3002T-4G VZW versiones hasta 2.05.3, T... • https://packetstorm.news/files/id/156729 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •