CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2023-3569 – PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
https://notcve.org/view.php?id=CVE-2023-3569
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities. • http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html http://seclists.org/fulldisclosure/2023/Aug/12 https://cert.vde.com/en/advisories/VDE-2023-017 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.6EPSS: 1%CPEs: 14EXPL: 0CVE-2023-3526 – PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
https://notcve.org/view.php?id=CVE-2023-3526
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities. • http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html http://seclists.org/fulldisclosure/2023/Aug/12 https://cert.vde.com/en/advisories/VDE-2023-017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 2CVE-2020-9435 – Phoenix Contact TC Router / TC Cloud Client Command Injection
https://notcve.org/view.php?id=CVE-2020-9435
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation. PHOENIX CONTACT TC ROUTER 3002T-4G versiones hasta 2.05.3, TC ROUTER 2002T-3G versiones hasta 2.05.3, TC ROUTER 3002T-4G VZW versiones hasta 2.05.3, TC ROUTER 3002T-4G ATT versiones hasta 2.05.3, TC CLOUD CLIENTE 1002-4G versiones hasta 2.03.17, y los dispositivos TC CLOUD CLIENTE 1002-TXTX versiones hasta 1.03.17, contienen un certificado embebido (y clave) que es usado por defecto para los servicios basados ??en web en el dispositivo. Los ataques de suplantación, de tipo man-in-the-middle o de descifrado pasivo son posibles si el certificado genérico no es reemplazado por un certificado específico del dispositivo durante la instalación. • http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html http://seclists.org/fulldisclosure/2020/Mar/15 https://cert.vde.com/en-us/advisories https://cert.vde.com/en-us/advisories/vde-2020-003 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 13%CPEs: 12EXPL: 2CVE-2020-9436 – Phoenix Contact TC Router / TC Cloud Client Command Injection
https://notcve.org/view.php?id=CVE-2020-9436
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. PHOENIX CONTACT TC ROUTER 3002T-4G versiones hasta 2.05.3, TC ROUTER 2002T-3G versiones hasta 2.05.3, TC ROUTER 3002T-4G VZW versiones hasta 2.05.3, TC ROUTER 3002T-4G ATT versiones hasta 2.05.3, TC CLOUD CLIENTE 1002-4G versiones hasta 2.03.17, y los dispositivos TC CLOUD CLIENTE 1002-TXTX versiones hasta 1.03.17, permiten a usuarios autenticados inyectar comandos del sistema por medio de una petición POST modificada en una URL específica. Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. • http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html http://seclists.org/fulldisclosure/2020/Mar/15 https://cert.vde.com/en-us/advisories https://cert.vde.com/en-us/advisories/vde-2020-003 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •