CVE-2023-37858 PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels

🗓️ 09 Aug 2023 06:37:48Reported by CERTVDEType

PHOENIX CONTACT WP 6xxx Web panels Hard-coded Credentials Vulnerabilit

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of microprogramming software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, arises from the use of rigidly encrypted account data. This allows a intruder to gain unauthorized access to protected information and compromise its integrity.	28 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-37858	9 Aug 202312:17	–	circl
CNNVD	PHOENIX CONTACTs WP 6xxx series web panels Trust Management Issues Vulnerability	9 Aug 202300:00	–	cnnvd
CVE	CVE-2023-37858	9 Aug 202306:37	–	cve
EUVD	EUVD-2023-41732	3 Oct 202520:07	–	euvd
NVD	CVE-2023-37858	9 Aug 202307:15	–	nvd
OSV	CVE-2023-37858	9 Aug 202307:15	–	osv
Prion	Hardcoded credentials	9 Aug 202307:15	–	prion
Positive Technologies	PT-2023-4515 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels	8 Aug 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "WP 6070-WVPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6101-WXPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6121-WXPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6156-WHPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6185-WHPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WP 6215-WHPS",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "4.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2023-018/

14 Dec 2023 14:34Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.14.9

EPSS0.00339

CWE-311