PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
CVE-2023-3569

4.9MEDIUM

Key Information:

Vendor
Phoenix Contact
Status
Cloud Client 1101t-tx/tx
Tc Cloud Client 1002-4g
Tc Cloud Client 1002-4g Att
Tc Cloud Client 1002-4g Vzw
Vendor
CVE Published:
8 August 2023

Summary

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

Affected Version(s)

CLOUD CLIENT 1101T-TX/TX 0 < 2.06.10

TC CLOUD CLIENT 1002-4G 0 < 2.07.2

TC CLOUD CLIENT 1002-4G ATT 0 < 2.07.2

References

https://cert.vde.com/en/advisories/VDE-2023-017
http://seclists.org/fulldisclosure/2023/Aug/12
http://packetstormsecurity.com/files/174152/Phoenix-Conta...

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-3569 : PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT | SecurityVulnerability.io