14 results (0.002 seconds)

CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-798: Use of Hard-coded Credentials •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser . • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •