PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
CVE-2023-37855

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP 6070-wvps; WP 6101-wxps; WP 6121-wxps; WP 6156-wHPs
Vendor: CVE Published:; 9 August 2023

Summary

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.

Affected Version(s)

WP 6070-WVPS 0 < 4.0.10

WP 6101-WXPS 0 < 4.0.10

WP 6121-WXPS 0 < 4.0.10

References

https://cert.vde.com/en/advisories/VDE-2023-018/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2023
Vulnerability Reserved
Jul 10, 2023

Credit

Gabriele Quagliarella from Nozomi Networks Labs

.