CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37858 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37858
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37857 – PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37857
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37855 – PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37855
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37856 – PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37856
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser . • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37863 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37863
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37859 – PHOENIX CONTACT: Improper Privilege Management in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37859
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37864 – PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check
https://notcve.org/view.php?id=CVE-2023-37864
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-494: Download of Code Without Integrity Check •
CVSS: 8.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37862 – PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37862
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-37860 – PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37860
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 6%CPEs: 12EXPL: 0CVE-2023-37861 – PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
https://notcve.org/view.php?id=CVE-2023-37861
09 Aug 2023 — In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device. • https://cert.vde.com/en/advisories/VDE-2023-018 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •