CVE-2023-3569

PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.

*Credits: N/A

CVSS Scores

CERT VDEv3.1 4.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-07-10 CVE Reserved
2023-08-08 CVE Published
2024-08-02 CVE Updated
2024-08-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CAPEC

References (3)

URL	Tag	Source
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
http://seclists.org/fulldisclosure/2023/Aug/12
https://cert.vde.com/en/advisories/VDE-2023-017	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Phoenixcontact Search vendor "Phoenixcontact"	Cloud Client 1101t-tx Firmware Search vendor "Phoenixcontact" for product "Cloud Client 1101t-tx Firmware"	< 2.06.10 Search vendor "Phoenixcontact" for product "Cloud Client 1101t-tx Firmware" and version " < 2.06.10"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Cloud Client 1101t-tx Search vendor "Phoenixcontact" for product "Cloud Client 1101t-tx"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Att Firmware Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Att Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Att Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Att Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Att"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Firmware Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Vzw Firmware Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Vzw Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Vzw Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Cloud Client 1002-4g Vzw Search vendor "Phoenixcontact" for product "Tc Cloud Client 1002-4g Vzw"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Att Firmware Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Att Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Att Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Att Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Att"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Firmware Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g"	-	-	Safe
Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Vzw Firmware Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Vzw Firmware"	< 2.07.2 Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Vzw Firmware" and version " < 2.07.2"	-	Affected	in	Phoenixcontact Search vendor "Phoenixcontact"	Tc Router 3002t-4g Vzw Search vendor "Phoenixcontact" for product "Tc Router 3002t-4g Vzw"	-	-	Safe