Lucene search

CERTVDECVELIST:CVE-2023-3526

HistoryAug 08, 2023 - 6:56 a.m.

CVE-2023-3526 PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices

2023-08-0806:56:05

CWE-79

CERTVDE

www.cve.org

cve-2023-3526

cross-site scripting

phoenix contact

tc router

tc cloud client

cloud client

remote attacker

reflective xss

browser execution

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user’s browser.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CLOUD CLIENT 1101T-TX/TX",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.06.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TC CLOUD CLIENT 1002-4G",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.07.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TC CLOUD CLIENT 1002-4G ATT",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.07.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TC CLOUD CLIENT 1002-4G VZW",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.07.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TC ROUTER 3002T-4G",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.07.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TC ROUTER 3002T-4G ATT",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.07.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TC ROUTER 3002T-4G VZW",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "2.07.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html

seclists.org/fulldisclosure/2023/Aug/12

cert.vde.com/en/advisories/VDE-2023-017

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVELIST:CVE-2023-3526