Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-3526
HistoryAug 08, 2023 - 7:15 a.m.

CVE-2023-3526

2023-08-0807:15:10
CWE-79
[email protected]
web.nvd.nist.gov
cve-2023-3526
unauthenticated remote attacker
reflective xss
code execution
browser context

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user’s browser.

Affected configurations

NVD
Node
phoenixcontactcloud_client_1101t-txMatch-
AND
phoenixcontactcloud_client_1101t-tx_firmwareRange<2.06.10
Node
phoenixcontacttc_cloud_client_1002-4g_attMatch-
AND
phoenixcontacttc_cloud_client_1002-4g_att_firmwareRange<2.07.2
Node
phoenixcontacttc_cloud_client_1002-4g_firmwareRange<2.07.2
AND
phoenixcontacttc_cloud_client_1002-4gMatch-
Node
phoenixcontacttc_cloud_client_1002-4g_vzw_firmwareRange<2.07.2
AND
phoenixcontacttc_cloud_client_1002-4g_vzwMatch-
Node
phoenixcontacttc_router_3002t-4g_att_firmwareRange<2.07.2
AND
phoenixcontacttc_router_3002t-4g_attMatch-
Node
phoenixcontacttc_router_3002t-4g_firmwareRange<2.07.2
AND
phoenixcontacttc_router_3002t-4gMatch-
Node
phoenixcontacttc_router_3002t-4g_vzw_firmwareRange<2.07.2
AND
phoenixcontacttc_router_3002t-4g_vzwMatch-

Related

cvelist 1
prion 1
cve 1
ics 1
packetstorm 1
cvelist
cvelist
CVE-2023-3526 PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
2023-08-08 06:56:05
prion
prion
Design/Logic Flaw
2023-08-08 07:15:00
cve
cve
CVE-2023-3526
2023-08-08 07:15:10
ics
ics
Phoenix Contact TC ROUTER and TC CLOUD CLIENT
2023-09-07 12:00:00
packetstorm
packetstorm
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
2023-08-14 00:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON
Related for NVD:CVE-2023-3526
cvelist1prion1cve1ics1packetstorm1