CVE-2023-3526

PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices

Severity Score

9.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.

*Credits: N/A

CVSS Scores

CERT VDEv3.1 9.6

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-07-06 CVE Reserved
2023-08-08 CVE Published
2024-08-02 CVE Updated
2024-10-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (3)

URL	Tag	Source
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
http://seclists.org/fulldisclosure/2023/Aug/12
https://cert.vde.com/en/advisories/VDE-2023-017	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Phoenixcontact Search vendor "Phoenixcontact"	Cloud Client 1101t-tx Firmware Search vendor "Phoenixcontact" for product "Cloud Client 1101t-tx Firmware"	< 2.06.10 Search vendor "Phoenixcontact" for product "Cloud Client 1101t-tx Firmware" and version " < 2.06.10"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Cloud Client 1101t-tx Search vendor "Phoenixcontact" for product "Cloud Client 1101t-tx"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Att Firmware Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Att Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Att Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Att Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Att"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Firmware Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Vzw Firmware Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Vzw Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Vzw Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Vzw Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Vzw"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Att Firmware Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Att Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Att Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Att Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Att"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Firmware Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Vzw Firmware Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Vzw Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Vzw Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Vzw Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Vzw"	-	-	Safe