CVE-2023-37858
Summary
| CVE | CVE-2023-37858 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-09 07:15:00 UTC |
| Updated | 2023-11-14 10:15:00 UTC |
| Description | In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password. |
Risk And Classification
Problem Types: CWE-311
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Phoenixcontact | Wp 6070-wvps | - | All | All | All |
| Operating System | Phoenixcontact | Wp 6070-wvps Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Wp 6101-wxps | - | All | All | All |
| Operating System | Phoenixcontact | Wp 6101-wxps Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Wp 6121-wxps | - | All | All | All |
| Operating System | Phoenixcontact | Wp 6121-wxps Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Wp 6156-whps | - | All | All | All |
| Operating System | Phoenixcontact | Wp 6156-whps Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Wp 6185-whps | - | All | All | All |
| Operating System | Phoenixcontact | Wp 6185-whps Firmware | All | All | All | All |
| Hardware | Phoenixcontact | Wp 6215-whps | - | All | All | All |
| Operating System | Phoenixcontact | Wp 6215-whps Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2023-018 | CERT@VDE | MISC | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.